Hi All! Does anyone know how to adjust this signature? I have a VERY great number of such events per day and I think that all of that events are not serious, because almost every workstation in the LAN generate at least one SMB_Empty_Password event. I don't want to switch off that signature, because it has high severity, but how can I adjust it? I've found that such signature generates when user not in NT domain is trying to access network share, or to use network printer. But it is not serious violation, because after trying to connect as Guest, user will be prompted to specify domain, login and password, and if user will specify wrong credentials - access will be denied! Also, scanning through NULL-session (connection to IPC$ share) is permitted in Windows (NT, 2K) by default, and to deny this it is needed special configuration in registry... - it is not serious violation too!
How can I adjust SMB_Empty_Password to ignore such a situations? Thans a lot. --- Best regards, Sergey V. Soldatov Department of information security, TNK-BP. _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
