A halfway decent IT can configure their network to block any outside exploit of SMB v1. Microsoft's purpose in turning off SMB v1 was to block malware coming from outside the local network/domain. The only time I had any problems with SMB scan to folder using SMB v1 was the start of the school year following Microsoft's release of the patch. A small number of copiers stopped scanning to folder. On checking their settings I found each one had one of the following problems:
- Spelling error on the Domain name.
- Destination was set to IP Address.
- First DNS was not the primary DNS for the MFP.
Scan destination was to personal folders on one of their servers. In all three cases Active directory did not recognize the sender as part of the domain.
FTP can be equally as vulnerable as SMB v1. That is why many major corporations will not allow you install FTP of any type on their networks.Used filezilla server or scan to email or update firmware on machine to support smb 2 or 3
Windows 10 tip: Stop using the horribly insecure SMBv1 protocol | ZDNet
Most likely after a future MS 10 update that feature as well as smb1 will be removed and permanently disable
It's clear you don't know crap about networking. Filezilla ftp server install on a local pc is COMPLETELY SAFE, it's not an external FTP site. If you got a Konica machine you can use Konica's ftp utility. SMB1 Has been BANNED by any IT tech or company per MS and the recent security problems worldwide. Future updates from MS will remove any option to even turn smb1 back on.
Sometimes you have to read.
Stop using SMB1 | Storage at Microsoft
Microsoft Offers More Advice on Disabling Windows SMB 1 -- Redmondmag.com
Last edited by bsm2; 04-21-2018 at 11:39 PM.
We get it, SMB V1 is bad. We all know this by now. Not that I do not agree with you. There are some customer's and IT that do not want an FTP protocol on their network no matter how secure you can prove it is. I have used it in a pinch, so nothing against Filezilla. Being another program it will use more computer resources, though on a properly working computer it is not noticed, and is another point of failure. Where I work we are not supposed to install additional utilities such as this as they do not come from the manufacture. We are then obligated to support it because we installed it. Notice I'm going against general company policy to get a customer scanning here. Sometime you just have to do what you have to do to get the job done. Also if a customer has a machine that does not support SMBV1 chances are their scanning will be limited as the machine may not support more secure email either. Each network and customer is different.
If SMBV1 has to be enabled to get a machine scanning try firmware first. Most newer machines, past 3 maybe 4 years, have firmware to fix this problem. Some machines you might be ablate Telnet into to turn SMBV2/V3 on. I have done this with several Ricoh type machines. If these do not work and FTP, email, and HDD scanning is out of the question make sure the customer is fully aware of any risk's there is enabling SMBV1. Best thing to do would be to have something in writing and or have the customer enable SMBV1 themselves. Myself I have not seen a computer get infected through SMBV1. I'm sure it has happened but is such a rarity that most will not be infected. But there is always that chance so enable at your own risk.
Another option if machine is to old to support firmware update to smb 2 or 3 would be to replace machine with a new model.
I have printed the list and I am failing to locate the SMB Client version. Perhaps I am missing something. I have attached the print out for your kind review.MPC4000.Network Interface Settings.pdf
There is no SMBv2/v3 for this model. It's old enough they might not release any firmware for it as they just released smbv2/v3 firmware for the MPC4502/5502 machines...
Bookmarks