SMB.Psexec.Detection

description-logoDescription

This indicates the detection of attacks using Metasploit psexec module, which uses a valid administrator username and password to upload arbitrary executable and create a new service using it.

affected-products-logoAffected Products

Any Windows system

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary code within the context of the application.

recomended-action-logoRecommended Actions

The signature's action can be set to "Block" to prevent this attack.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-10-04 14.700 Sig Added
2019-10-03 14.699 Sig Added