Before you connect to the network
1. Check your machine is it already apply KB 4012215 or KB 4015549 or KB 4019264
wmic qfe | find "4012215"
wmic qfe | find "4015549"
wmic qfe | find "4019264"
The following example machine is already installed KB 4019264:
Reference:
http://windowsitpro.com/scripting/get-hotfix-information-quickly-wmic
2. Run Antivirus update to keep it to latest version and definition
3. Disable SMBv1
1. Open powershell by runas administrator
2. Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
3. Reboot your machine
Reference:
https://support.microsoft.com/en-hk/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
4. If you are McAfee VirusScan Enterprise User, please consider to use VSE Access Protection rules to against:
https://kc.mcafee.com/corporate/index?page=content&id=KB89335
Create two access protection rules:
1. Registry Blocking Rule
2. File/Folder Blocking Rule
Reference:
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
No comments:
Post a Comment