Web Protection: Web Filtering & Application Visibility/Control Add psexec and pskil to block application list

UTM Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
Locked Locked
Replies 3 replies
Answers 1 answer
Subscribers 4 subscribers
Views 2337 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Add psexec and pskil to block application list

Michel Vaillancourt over 2 years ago

Hi,

About 3 weeks ago my company was hkacked using psexe and pskil. I would like to block these apps but i cant find them in application controle.

Can you help me?

Michel V

This thread was automatically locked due to age.

Parents

0 Vivek Jagad over 2 years ago

Hello Michel Vaillancourt,

Thank you for reaching out to the community, psexe and pskil uses uses TCP ports 135 and 445.
So you can simply create a drop/reject rule for the desired networks !

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Vivek Jagad over 2 years ago

Hello Michel Vaillancourt,

Thank you for reaching out to the community, psexe and pskil uses uses TCP ports 135 and 445.
So you can simply create a drop/reject rule for the desired networks !

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Erik Alejos Agustí over 2 years ago in reply to Vivek Jagad

It is possible block psexec tool directly on sophos console?
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 2 years ago in reply to Erik Alejos Agustí

psexec is detected as PUA since 2006.
What psexec basically does isn't really rocket science - any decent malware writer could come up with its basic and abused functionality in minutes. That a know tool is used stems from the fact that it's often used for system administration, software deployment and things like that. There's a chance that it is white-listed. But as I mentioned that it uses the ports 135 and 445 blocking those in your network can help !
There is no command straight forward from the console to block it ! Erik Alejos Agustí

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel