In the light of current news, I decided to ask a question on how to protect my computer from the popular wcrypt (Wanna Cry / Wana Decrypt0r). Who has data on this topic?

  • Download only the 64 or 86 version of kb4012212 from the website and install it; if you have automatic updates turned on, then see whether the update released in March 2017 is installed or not. - kokik
  • And if it is not installed and will not install for you, it means that what you have is not the ancient Seven, which came out 8 years ago, but something fresher. - PashaPash

2 answers

Windows Update MS17-010

The virus uses the ETERNALBLUE exploit, which is closed by Microsoft Security Update MS17-010, released in March. I recommend checking in Windows Update whether such an update (by its code) is present on your computer (for example, the code for Windows 7 will be KB4012212 or KB4012215, or any other monthly set of security quality fixes from March (2017)).

If updates are not installed, you can download them from the official Microsoft website:

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

For older systems (Windows XP, Windows Server 2003R2), Microsoft released special patches:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Close ports 135 and 445

According to reports of antivirus companies, wcrypt penetrates computers through SMB (Server Message Block) ports. To prevent penetration, we block ports 135 and 445, through which the virus penetrates (in most cases they are not used by ordinary users).

To do this, open the console with administrator rights (cmd.exe -> Run as administrator) and execute the 2 commands in it one after the other (after each command there should be an OK status):

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=135 name="Block_TCP-135"
netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445"

Disable SMBv1 support

The vulnerability can also be closed by completely disabling SMBv1 support. To do this, simply run the following command in the command line running as Administrator (for Windows 8 and above):

 dism /online /norestart /disable-feature /featurename:SMB1Protocol 

Antivirus detection

The list of antiviruses that, according to VirusTotal as of 05.17.2017, detect wcrypt:

https://virustotal.com/cs/file/b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25/analysis/

  • I installed the OS in April. None of the updates are present. I cannot download kb4012215 and install it by hand - "update does not apply to this computer." I cannot disable SMB1Protocol - "Error: 0x800f080c The component name "SMB1Protocol" is unknown. The Windows component name is not recognized." - vitidev
  • @vitidev, then you are not using Windows on your computer :) - Visman
  • @vitidev kb4012215 is an update for Windows 7. - PashaPash
  • @PashaPash I have it. In the end, 12212 got installed, and this despite the fact that updates are turned on. - vitidev
  • And Kaspersky would help? Or would antivirus be useless here? - user208916
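A read-only check of the three mitigations from the answer above (MS17-010 update, firewall rules, SMBv1 feature), as an added example that is not part of the original answers. The function names are made up for this example; it assumes an elevated PowerShell session and looks only for the KB numbers and rule names that appear on this page.

```powershell
# Added example (not from the original answers): read-only audit of the
# three mitigations. Run in an elevated PowerShell session.

# KB numbers named on this page for Windows 7. Other Windows versions use
# different KB numbers, and later monthly rollups also carry the fix, so an
# empty result means "check the update history", not "vulnerable".
$PageKBs   = 'KB4012212', 'KB4012215'
# Rule names created by the netsh commands in the answer.
$PageRules = 'Block_TCP-135', 'Block_TCP-445'

function Get-InstalledPageKB {
    $installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })
    @($PageKBs | Where-Object { $installed -contains $_ })
}

function Test-FirewallRuleExists([string]$Name) {
    # netsh exits non-zero when no rule has this name. Existence only: the
    # rule text is localized, so its action and state are not parsed here.
    netsh advfirewall firewall show rule "name=$Name" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Get-Smb1FeatureState {
    # The SMB1Protocol optional feature exists on Windows 8 and above; on
    # Windows 7 this cmdlet (like the dism feature name) is not available.
    if (-not (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue)) {
        return 'NotAvailable'
    }
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature) { return "$($feature.State)" }
    return 'Unknown'
}

$kbs = @(Get-InstalledPageKB)   # @() keeps .Count reliable on PowerShell 2.0
if ($kbs.Count -gt 0) {
    "MS17-010 update found: $($kbs -join ', ')"
} else {
    "None of $($PageKBs -join ', ') found; check the update history"
}

foreach ($rule in $PageRules) {
    $status = if (Test-FirewallRuleExists $rule) { 'present' } else { 'missing' }
    "Firewall rule ${rule}: $status"
}

# A pending state (for example DisablePending) means dism ran with
# /norestart and the change takes effect only after a reboot.
"SMB1Protocol feature state: $(Get-Smb1FeatureState)"
```

A result of NotAvailable on Windows 7 matches the dism error quoted in the comments: the SMB1Protocol feature name exists only on Windows 8 and above.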

I'll tell you how I got rid of encryptors in our corporate network.

We have about 1,000 hosts, and periodically computers got infected with encryptors. And while we protected corporate mail, encryptors still got in via personal mail or web resources.

The solution is very simple: in the Group Policy "Computer Configuration / Windows Settings / Security Settings / Software Restriction Policies / Additional Rules", set all the paths from which programs can run (Program Files, Windows ...). In the designated file types, we delete shortcuts and add JS, which for some reason is not there by default. And that's all. This policy was applied long before the Wanna Cry / Wana Decrypt0r epidemic, and since then there has not been a single infection.

P.S. And of course users should not work under an admin account, and neither should admins.
