Intrusion Prevention

SMB.Psexec.Detection

Description

This indicates detection of an attack using the Metasploit psexec module, which uses a valid administrator username and password to upload an arbitrary executable and create a new service from it.

Affected Products

Any Windows system

Impact

System Compromise: Remote attackers can execute arbitrary code within the context of the application.

Recommended Actions

The signature's action can be set to "Block" to prevent this attack.