At a glance:
| ID | 35203 |
| Created | May 16, 2013 |
| Updated | Sep 25, 2020 |
| Severity |
|
| Coverage |
IPS (Regular DB)
IPS (Extended DB)
|
| Default Action | drop |
| Active |
|
| Affected OS | Windows |
| Affected App | Other |
Legend
| Enabled/Available |
|
| Disabled/Not Avaliable | 
|
Update History
| Date | Version | Detail |
|---|---|---|
| 2019-10-03 | 14.699 | *Sig Added |
| 2019-10-04 | 14.700 | *Sig Added |
Refine Search
Intrusion Prevention
SMB.Psexec.Detection
Description
This indicates the detection of attacks using Metasploit psexec module, which uses a valid administrator username and password to upload arbitrary executable and create a new service using it.
Affected Products
Any Windows system
Impact
System Compromise: Remote attackers can execute arbitrary code within the context of the application.
Recommended Actions
The signature's action can be set to "Block" to prevent this attack.