Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Patch lady – Scanners and SMBv1

    Posted on Susan Bradley Comment on the AskWoody Lounge

    Home Forums AskWoody blog Patch lady – Scanners and SMBv1

    This topic contains 12 replies, has 10 voices, and was last updated by  RetiredGeek 1 day, 8 hours ago.

    • Author
      Posts
    • #184960 Reply

      Susan Bradley
      AskWoody MVP

      So if your older scanner suddenly doesn’t work consider this:  In 1709 if you did an in place upgrade, you retain the SMBv1 in your networking configu
      [See the full post at: Patch lady – Scanners and SMBv1]

      Susan Bradley Patch Lady

      5 users thanked author for this post.
    • #184967 Reply

      krzemien
      AskWoody Lounger

      Hey Susan,

      Most useful – many thanks for picking this up.

      I actually did spot it couple of times in the Event Log so two probably very silly questions from me:

      * how do I find out which device still uses SMBv1 and (assumingly) makes Windows 10 1709 re-adding it every now and then? I own only few of such beasts at home:

      1. -old-ish Vista laptop
      2. -new-ish 8.1 laptop
      3. -new-ish HP network printer
      4. -new-ish personal network cloud device?

      * how do I disable this process completely and ensure that SMBv1 does not get reinstated at all?

    • #185000 Reply

      woody
      Da Boss

      Barb Bowman just tweeted:

      https://twitter.com/barbbowman/status/985848319116275712

      I believe is still maintaining the list at   of bad actors requiring SMB1

      2 users thanked author for this post.
    • #185003 Reply

      krzemien
      AskWoody Lounger

      Thanks Woody

      Have some idea now what seems to be triggering this unexpected and unwanted install as I forgot about my broadband monitor (courtesy of Samknows) that – I think – uses customised TP-Link hardware.

      Will check later today and follow up with vendor..

    • #185030 Reply

      Mr. Natural
      AskWoody Lounger

      Here’s the command that runs which includes the location of the script. (on windows 10 machines)

      [*COMMAND*] & C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client

      I noticed after I let it run on my machine the disable unused smb1.ps1 file is removed from that location.

      Microsoft is also running another script related to Microsoft Office. I plan on posting in the MS Office forums when I get a chance as quite frankly I’m not sure what it’s doing and I’m sure someone here can let us know.

      DisableUnusedSmb1.ps1 -Scenario Client  is the full command.

      I'm not sayin' nothin' man..... I'm just sayin'

      • This reply was modified 5 days, 8 hours ago by  Mr. Natural. Reason: appears to be cutting off full command line
      • This reply was modified 5 days, 8 hours ago by  Mr. Natural.
    • #185054 Reply

      anonymous

      My printer/scanner is alright-Just tested it and it’s working fine

    • #185057 Reply

      Noel Carboni
      AskWoody MVP

      SMB1 is a potential vulnerability only if your Windows Networking is accessible directly to systems on the Internet (not typical if you have a NAT router), or can potentially have untrustworthy systems on your LAN/wifi (which could include transitory things like laptops, phones, TV devices, IOT boxes, etc.).

      I guess there’s also the possibility that one of the several IPv6 tunneling protocols could be exposing Windows Networking to systems abroad. I haven’t really looked into the specifics of what passes through because I simply don’t leave tunneling enabled.

      IOT, LOL… I see that our HP networked printer tries from time to time to connect to servers online. And it tries to make Windows Networking connections to my Windows systems. Suspicious much? All are blocked, and yet lo and behold I can still print out tax forms. And aw, poor HP doesn’t get minute by minute notifications of whether I’m using refilled ink cartridges, or other things about my LAN…

      -Noel

      3 users thanked author for this post.
    • #185058 Reply

      anonymous

      Yeh, I have an old Intel RAID NAS box stuffed with enterprise drives that I occasionally use for non-critical, off-line storage. It requires SMBv1 and will never receive a firmware update, so I enable/disable SMBv1 via batch file as required.

      I hadn’t thought about the Epson photo/slide scanner (thanks, Sue). Just checked and it seems to be OK as is an older, networked HP laser printer as currently configured.

      I hate to discard serviceable hardware because … well, I’m a money miser.

      – Carl –

      1 user thanked author for this post.
    • #185093 Reply

      Jan K.
      AskWoody Lounger

      So 15 days after SMBv1 on the client is not used, the system will send a dism command to disable SMBv1.

      If suddenly your clients or you can’t scan to computer or scan to share, see if you can spot this in your event log…

      Speaking of A.I. and built-in intelligence… wouldn’t it be an awfully nice gesture, if the OS send the user a warning before making system changes and sending users on a wild goose chase?

      1 user thanked author for this post.
      • #185095 Reply

        geekdom
        AskWoody Lounger

        As the saying goes: Artificial intelligence, natural stupidity.

        Group G{ot backup} Win7|64-bit|SP1

        1 user thanked author for this post.
    • #185154 Reply

      GoneToPlaid
      AskWoody Lounger

      I had to keep SMB1 enabled on both my home network and the office network since we had issues with older printers, and since we had issues with computers not being able to see other computers on the networks. Fortunately, we use the same antivirus software both at home and at the office. The antivirus software has features which prevent any unauthorized processes from running, and also which prevents any unauthorized program or process from modifying data on protected partitions and folders which we specify. And of course both my home network and the office network are behind routers with NAT and with no other pass-throughs since we don’t allow PPTP or any other hokey stuff.

      The upshot is that if you really need to have SMB1 enabled on your network, then look for antivirus solutions which are up to snuff in terms of preventing ransomware and 0-day attacks against protected data storage locations on your network. I am sure that there are some good experts here in this regard, yet I ain’t one of them. We learned the hard way about ransomware and about the stupidity of failing to perform regular backups when we were hit with CryptoLocker in January 2014. We had to pay the ransom, and luckily over 99% of everything got decrypted. That took a while — nearly all weekend.

      And on one final note, office employees should always shut down their computers every day before they leave. Why? Because the computer this a running could be the computer that is a encrypting — unbeknownst to everyone. Most ransomware shuts down when the computer is shut down or rebooted, and will display the ransom message upon restart.

    • #186081 Reply

      RetiredGeek
      AskWoody MVP

      Hey Y’all,

      I had my home network go bonkers last evening. I couldn’t connect to any machine from any machine all Running Win 10 1709 using Advanced sharing to Authenticated Users Only.

      I had turned off SMBv1 the other day after I got a firmware upgrade from WD for my MyBookLive and everything was working fine until last night.

      I was going a little nuts at 01:00 this morning when I just went to bed. When I got up this morning I remembered the SMBv1 setting so decided to turn it back on to see if it fixed the problem and lo and behold we have network!

      So what changed? I can’t see anything in Windows update log.

      Anyone else seeing this?

      OOPS! Just saw KBs 4093112 & 4090913 installed yesterday on my main box. Must have happened when I wasn’t looking! They, however, are not installed on my test box or my spouses machine.

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs

      • This reply was modified 1 day, 8 hours ago by  RetiredGeek.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch lady – Scanners and SMBv1

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.