Comprehensive data protection for all workloads
Post Reply
Brunok
Enthusiast
Posts: 36
Liked: 6 times
Joined: Sep 02, 2014 7:16 am
Full Name: Bruno
Contact:

Disabling SMB 1.0 / CIFS on Veeam Servers (NotPetya)

Post by Brunok »

Hi all,

current "NotPetya/Petrwarp" ransomware and Wannacry etc. used SMB 1.0 / CIFS for spreading along the network (and some other things). As on a client workstation it can help to disable SMB 1.0 to protect the system, it is often not possible to do the same on a server. I am asking myself, what impact it will have on the veeam-infrastructure (B&R Server, Repositories, Off-Host-Proxies..) if we disable SMB 1.0 / CIFS Sharing on these Servers. Does Veeam uses SMB 1.0 protocol in any way ?
What about Repositories on synology NAS boxes ?

My idea is to protect the backup-envoirement at least against the SMB-vulnerability. Of course, other attacks like wmic / psexec would be still there..

any suggestions ?
Thx
Bruno
kubimike
Veteran
Posts: 373
Liked: 41 times
Joined: Feb 03, 2017 2:34 pm
Full Name: MikeO
Contact:

Re: Disabling SMB 1.0 / CIFS on Veeam Servers (NotPetya)

Post by kubimike »

Nothing ran like that for awhile when I didnt want to patch
post243062.html?hilit=smb#p243062
nmdange
Veteran
Posts: 527
Liked: 142 times
Joined: Aug 20, 2015 9:30 pm
Contact:

Re: Disabling SMB 1.0 / CIFS on Veeam Servers (NotPetya)

Post by nmdange »

We have SMBv1 fully disabled in our environment on all servers and clients and it causes no issues with Veeam.
Brunok
Enthusiast
Posts: 36
Liked: 6 times
Joined: Sep 02, 2014 7:16 am
Full Name: Bruno
Contact:

Re: Disabling SMB 1.0 / CIFS on Veeam Servers (NotPetya)

Post by Brunok »

Thank you for the answers.
nmdange wrote:We have SMBv1 fully disabled in our environment on all servers and clients and it causes no issues with Veeam.
Did you do this manually (remove the feature / edit registry) or did you only full patch all servers ( MS17-010 ) ?
IHeartCats
Influencer
Posts: 23
Liked: never
Joined: Jul 18, 2017 1:58 pm
Full Name: Helen
Contact:

Re: Disabling SMB 1.0 / CIFS on Veeam Servers (NotPetya)

Post by IHeartCats »

Thanks for your replies on this. I came to this forum as Veeam support wasn't able to answer if Veeam had any dependency on SMBv1 and suggested looking here.
Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 221 guests