Blocking SMB port for Discovery

Harsha M · ‎02-05-2020

Hi Team,

Our Network SME is concerned about opening all ports(which he thinks is the case to allow access to horizontal pattern probe). However he is OK to block few ports such as SMB port(to avoid any virus such as wanna-cry to spread rapidly in the network). However I am not sure about the implication of blocking SMB port for discovery. Any insights on this is really appreciated.

Andrew Pywell · ‎02-06-2020

Hi,

As from Madrid Patch 3 ServiceNow forces you to use the admin$ share on the remote Windows server. Maybe ok if you have credentials with Local Admin Rights. We do not, and never will have (banking environment.) We have managed to get the Workaround going with a non-admin share. Both require the SMB (Microsoft-ds) port 445 to be open across firewalls. I have not seen this specifically mentioned in any documentation. Happy to be corrected though!!

Using the non Local Admin workaround is only a partial solution though as the "get-process" command will not return the "command line" and executable path" values. ADM therefore fails for many related processes. e.g. MSQSL Instances and Tables, MS Clusters etc.

Regards

Andrew

View solution in original post

Andrew Pywell · ‎02-06-2020

Hi,

As from Madrid Patch 3 ServiceNow forces you to use the admin$ share on the remote Windows server. Maybe ok if you have credentials with Local Admin Rights. We do not, and never will have (banking environment.) We have managed to get the Workaround going with a non-admin share. Both require the SMB (Microsoft-ds) port 445 to be open across firewalls. I have not seen this specifically mentioned in any documentation. Happy to be corrected though!!

Using the non Local Admin workaround is only a partial solution though as the "get-process" command will not return the "command line" and executable path" values. ADM therefore fails for many related processes. e.g. MSQSL Instances and Tables, MS Clusters etc.

Regards

Andrew