SMB1 alerting

  • 1
  • Idea
  • Updated 2 years ago
  • (Edited)
Alerts make sense when SMB1 traffic is unexpected. If you see SMB1 traffic in reports, then there is probably no point to send emails with alerts. 

If required, here are the steps you can take to disable SMB1 alerting:

The marked signatures page can be accessed directly @

Click 'Delete' to delete the SMB alert 'Windows Network File Access (SMB1)'

Instead of facing a flood of emails, you can refer to the report Ransomware: Wannacry SMBv1 at the following page https://x.x.x.x/netmon/view.cgi?rid=507 to check for any file server using the SMB1 file share protocol which may be vulnerable to a Ransomware attack. 
Photo of Aisling Brennan

Aisling Brennan, Official Rep

  • 393 Posts
  • 8 Reply Likes

Posted 2 years ago

  • 1

Be the first to post a reply!