Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: slama1304 on November 07, 2020, 03:07:55 PM

Title: SMB:BruteForce <- what is this?
Post by: slama1304 on November 07, 2020, 03:07:55 PM
I keep getting this notifications ...
What does it means?
Thanks
Title: Re: SMB:BruteForce <- what is this?
Post by: Asyn on November 07, 2020, 03:12:21 PM
Hi, see: https://forum.avast.com/index.php?topic=235069.0
Title: Re: SMB:BruteForce <- what is this?
Post by: slama1304 on November 07, 2020, 04:28:42 PM
Can't idiots on the other side see I have Windows 10 Home edition that doesn't have Remote Desktop?
Title: Re: SMB:BruteForce <- what is this?
Post by: DavidR on November 07, 2020, 05:02:44 PM
Can't idiots on the other side see I have Windows 10 Home edition that doesn't have Remote Desktop?

Did you actually read all of that topic link you were given ?
Especially my question relating to Windows 10 Home version, which doesn't have the Remote Desktop function, duplicated below.

How does this impact/benefit anyone with Windows 10 Home version, which doesn't have the Remote Desktop function.

If your system doesn't have Remote Desktop enabled (e.g., because it is running Windows 10 Home, or you have disabled it manually), the shield will have no effect at the moment. There might be new supported protocols/methods of access in the future.

Given this was from June 2020, I guess the future could have arrived, but then read on.

And an extract of Reply #16 by    Jakub Dubovic
Quote from:    Jakub Dubovic
The new version of the Remote Access Shield scans not only incoming RDP connections, but also incoming SMB connections. SMB protocol is another common attack vector. It seems likely that the TV uses the protocol to communicate with the PC, or maybe just scans the network for other compatible devices. When we detect multiple unsuccessful SMB connections over a period of time, it triggers the brute force attack detection.

SMB scanning can be turned off in Avast settings, but it will compromise your computer's security. I will look into it and try to come up with a solution to this issue - there are multiple reports of devices that repeatedly unsuccessfully to try connect using SMB and trigger the detection alerts.

So your SMB alert isn't directly linked to the Win10 Home OS not having the Remote Desktop function.
Title: Re: SMB:BruteForce <- what is this?
Post by: slama1304 on November 07, 2020, 05:50:14 PM
I don't have anything on my network accept the computer that gets the alerts.
Title: Re: SMB:BruteForce <- what is this?
Post by: DavidR on November 07, 2020, 09:48:42 PM
It doesn't necessarily need to be something attached to your network, but without any information on the alert/s (a screenshot might help) it is hard to say without more information.

For instance I got come of these SMB vulnerability notifications on doing a network scan.  I used to have  USB stick attached to my Router to enable file transfer between systems connected to the network.  The router software used SMB1 as the protocol and early versions of the SMB protocol were vulnerable to exploit.  Windows actually disables SMB1 because of this vulnerability, but users could turn it back on.

As soon as I removed that USB Stick, notifications ceased.
Title: Re: SMB:BruteForce <- what is this?
Post by: NON on November 08, 2020, 05:37:56 AM
As the URL shown in your screenshot is global IPv4 one, I guess you connect your computer to the Internet directly (without router) and set your firewall profile (Avast or Windows) to private.
In that configuration indiscriminate attacks happening on the Internet directly reaches to your computer, triggering Avast alerts.

If it is the case, I suggest to change your firewall profile to public, or buy a decent router to avoid direct connection.