Hi,
About 3 weeks ago my company was hacked using PsExec and PsKill. I would like to block these apps, but I can't find them in Application Control.
Can you help me?
Michel V
Hello Michel Vaillancourt,
Thank you for reaching out to the community. PsExec and PsKill use TCP ports 135 and 445.
So you can simply create a drop/reject rule for the desired networks!
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Is it possible to block the PsExec tool directly on the Sophos console?
PsExec has been detected as a PUA since 2006.
What PsExec basically does isn't really rocket science - any decent malware writer could come up with its basic and abused functionality in minutes. That a known tool is used stems from the fact that it's often used for system administration, software deployment and things like that. There's a chance that it is white-listed. But as I mentioned, it uses ports 135 and 445, so blocking those in your network can help!
There is no straightforward command from the console to block it! Erik Alejos Agustí
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience