SMB1 Detection
Summary
This monitor checks whether SMB1 is enabled on the end machine. It runs the OS version compatible command to fetch the data.
Monitor
-
Go to Alert Management > Monitors > Add monitor
-
This screen will appear.
-
Fill in the Name and Description boxes.
Name: SMB1 Detection
Description: Check whether SMB1 is enabled on the end machine.Select
ScriptasType,RMM Agentfor theFamily, andOthersor any relevant option for theSeverity.
-
In the conditions selection, select PowerShell in the Script Language, select Schedule in Run Script on, and type 167 hours in Repeat every. Add the following query in the Script box:
$ErroractionPreference = 'SilentlyContinue'
# Get the OS version
$ver = [Version](Get-WmiObject -Class Win32_OperatingSystem).version
"$($ver.Major).$($ver.Minor)"
# Check if the OS version is greater than or equal to 6.3
if ($ver -ge [version]'6.3') {
# Check if SMB1 is enabled using Get-SmbServerConfiguration
if (((Get-SmbServerConfiguration).EnableSMB1Protocol) -ne 'True') {
return 'False'
} else {
return 'True'
}
} else {
# For older OS versions, check the registry for SMB1 status
$s = Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters |
ForEach-Object { Get-ItemProperty $_.pspath -Name SMB1 }
if ((-not $s) -or ($s -contains 1)) {
return 'True'
} else {
return 'False'
}
}In Criteria, select
Contains,AND
EnterTruein Script output.
The Conditions Section should look something like this:
-
Select
Run same script as abovecondition for the Ticket Resolution section. SelectContains,ANDfor criteria. EnterFalsein Script Output.
Ticket Resolution should look something like this:
-
Select the Resources/Clients to apply the monitor set against.
-
This is how the monitor set should look before saving it.
-
Click the
Savebutton to save the monitor set.