Hi,
About 3 weeks ago my company was hkacked using psexe and pskil. I would like to block these apps but i cant find them in application controle.
Can you help me?
Michel V
This thread was automatically locked due to age.
Hi,
About 3 weeks ago my company was hkacked using psexe and pskil. I would like to block these apps but i cant find them in application controle.
Can you help me?
Michel V
Hello Michel Vaillancourt,
Thank you for reaching out to the community, psexe and pskil uses uses TCP ports 135 and 445.
So you can simply create a drop/reject rule for the desired networks !
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Log a Support Case | Sophos Service Guide
Best Practices – Support Case
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
psexec is detected as PUA since 2006.
What psexec basically does isn't really rocket science - any decent malware writer could come up with its basic and abused functionality in minutes. That a know tool is used stems from the fact that it's often used for system administration, software deployment and things like that. There's a chance that it is white-listed. But as I mentioned that it uses the ports 135 and 445 blocking those in your network can help !
There is no command straight forward from the console to block it ! Erik Alejos Agustí
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Log a Support Case | Sophos Service Guide
Best Practices – Support Case
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
psexec is detected as PUA since 2006.
What psexec basically does isn't really rocket science - any decent malware writer could come up with its basic and abused functionality in minutes. That a know tool is used stems from the fact that it's often used for system administration, software deployment and things like that. There's a chance that it is white-listed. But as I mentioned that it uses the ports 135 and 445 blocking those in your network can help !
There is no command straight forward from the console to block it ! Erik Alejos Agustí
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Log a Support Case | Sophos Service Guide
Best Practices – Support Case
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.