On-Premise Endpoint

Sophos Endpoint Software how to block Microsoft PsExec tool

On-Premise Endpoint requires membership for participation - click to join

Thread Info

State Suggested Answer
Locked Locked
Replies 2 replies
Answers 1 answer
Subscribers 4 subscribers
Views 14841 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

how to block Microsoft PsExec tool

Sophozilla over 7 years ago

I'm concerned about the Petya incident and would like to know how to go about blocking Microsoft PsExec tool

This thread was automatically locked due to age.

Parents

0 QC over 7 years ago

Hello Todd Villeneuve,

psexec is detected as PUA since 2006.
What psexec basically does isn't really rocket science - any decent malware writer could come up with its basic and abused functionality in minutes. That a know tool is used stems from the fact that it's often used for system administration, software deployment and things like that. There's a chance that it is white-listed ...

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 7 years ago

Hello Todd Villeneuve,

psexec is detected as PUA since 2006.
What psexec basically does isn't really rocket science - any decent malware writer could come up with its basic and abused functionality in minutes. That a know tool is used stems from the fact that it's often used for system administration, software deployment and things like that. There's a chance that it is white-listed ...

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data