Author Topic: SMB:BruteForce <- what is this?  (Read 3904 times)

0 Members and 1 Guest are viewing this topic.

Offline slama1304

  • Newbie
  • *
  • Posts: 12
SMB:BruteForce <- what is this?
« on: November 07, 2020, 03:07:55 PM »
I keep getting this notifications ...
What does it means?
Thanks

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69424
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SMB:BruteForce <- what is this?
« Reply #1 on: November 07, 2020, 03:12:21 PM »
Win 8.1 [x64] - Avast PremSec 21.2.2453.Beta#4 [UI.601] - EEK - Firefox ESR 78.8 [NS/uBO/PB] - TB 78.8
Avast-Tools: Secure Browser 88.2 - Cleanup P 21.1 - SecureLine 5.9 - Driver Updater 21.1 - CCleaner 5.77
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline slama1304

  • Newbie
  • *
  • Posts: 12
Re: SMB:BruteForce <- what is this?
« Reply #2 on: November 07, 2020, 04:28:42 PM »
Can't idiots on the other side see I have Windows 10 Home edition that doesn't have Remote Desktop?

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84607
  • No support PMs thanks
Re: SMB:BruteForce <- what is this?
« Reply #3 on: November 07, 2020, 05:02:44 PM »
Can't idiots on the other side see I have Windows 10 Home edition that doesn't have Remote Desktop?

Did you actually read all of that topic link you were given ?
Especially my question relating to Windows 10 Home version, which doesn't have the Remote Desktop function, duplicated below.

How does this impact/benefit anyone with Windows 10 Home version, which doesn't have the Remote Desktop function.

If your system doesn't have Remote Desktop enabled (e.g., because it is running Windows 10 Home, or you have disabled it manually), the shield will have no effect at the moment. There might be new supported protocols/methods of access in the future.

Given this was from June 2020, I guess the future could have arrived, but then read on.

And an extract of Reply #16 by    Jakub Dubovic
Quote from:    Jakub Dubovic
The new version of the Remote Access Shield scans not only incoming RDP connections, but also incoming SMB connections. SMB protocol is another common attack vector. It seems likely that the TV uses the protocol to communicate with the PC, or maybe just scans the network for other compatible devices. When we detect multiple unsuccessful SMB connections over a period of time, it triggers the brute force attack detection.

SMB scanning can be turned off in Avast settings, but it will compromise your computer's security. I will look into it and try to come up with a solution to this issue - there are multiple reports of devices that repeatedly unsuccessfully to try connect using SMB and trigger the detection alerts.

So your SMB alert isn't directly linked to the Win10 Home OS not having the Remote Desktop function.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.1.2449 (build 21.1.5968.561) UI-1.0.597/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline slama1304

  • Newbie
  • *
  • Posts: 12
Re: SMB:BruteForce <- what is this?
« Reply #4 on: November 07, 2020, 05:50:14 PM »
I don't have anything on my network accept the computer that gets the alerts.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84607
  • No support PMs thanks
Re: SMB:BruteForce <- what is this?
« Reply #5 on: November 07, 2020, 09:48:42 PM »
It doesn't necessarily need to be something attached to your network, but without any information on the alert/s (a screenshot might help) it is hard to say without more information.

For instance I got come of these SMB vulnerability notifications on doing a network scan.  I used to have  USB stick attached to my Router to enable file transfer between systems connected to the network.  The router software used SMB1 as the protocol and early versions of the SMB protocol were vulnerable to exploit.  Windows actually disables SMB1 because of this vulnerability, but users could turn it back on.

As soon as I removed that USB Stick, notifications ceased.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.1.2449 (build 21.1.5968.561) UI-1.0.597/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline NON

  • Japanese User
  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 4673
  • Whatever will be, will be.
Re: SMB:BruteForce <- what is this?
« Reply #6 on: November 08, 2020, 05:37:56 AM »
As the URL shown in your screenshot is global IPv4 one, I guess you connect your computer to the Internet directly (without router) and set your firewall profile (Avast or Windows) to private.
In that configuration indiscriminate attacks happening on the Internet directly reaches to your computer, triggering Avast alerts.

If it is the case, I suggest to change your firewall profile to public, or buy a decent router to avoid direct connection.
Main: Win10 Pro 20H2 64bit / Core i5-7400 3.0GHz / 16GB RAM / Avast 21 Premier Beta / Evorim Free Firewall (testing)
Mobile: Win10 Pro 20H2 32bit, Vista SP2 32bit / Core 2 Duo SU9300 1.2GHz / 4GB RAM / Avast 20 Free / Windows Firewall Control

Avast の設定について解説しています。よろしければご覧ください。