NTLMv1.1
Purpose
The goal of this solution is to detect and disable NTLMv1.1.
Associated Content
| Content | Type | Function |
|---|---|---|
| Remote Monitor - NTLMv1.1 Detection | Remote Monitor | Check whether NTLMv1.1 is enabled on the end machine. |
| Dataview - NTLMv1.1 Status [Remote Monitor] | Dataview | Represents whether NTLMv1.1 is enabled or not. It is dependent on the EPM - Windows Configuration - Remote Monitor - NTLMv1.1 Detection. |
| Script - Disable NTLMv1.1 | Script | This script disables the NTLMv1.1 protocol on the target machine. |
| △ Custom - Autofix - Disable NTLMv1.1 | Alert Template | This will execute the Script - Disable NTLMv1.1. |
Implementation
- Read the associated documents carefully.
- Import - Remote Monitor - NTLMv1.1 Detection
- Import - Dataview - NTLMv1.1 Status [Remote Monitor]
- Import - Script - Disable NTLMv1.1.
- This script can be used as an auto-fix with the Remote Monitor - NTLMv1.1 Detection or can also be executed manually.
- If the auto-fix is needed, import the alert template:
△ Custom - Autofix - Disable NTLMv1.1.