What if I still need to disable SMBv1 to conform to my internal security standards?
VNX systems are not susceptible to WannaCry because they target Microsoft's SMBv1 server specifically. Dell EMC implementations of SMBv1 are not affected. If you want to prevent your Unified systems from creating
user channels on SMBv1, you can set these parameters.
Please note these params are only available on VNX OE versions 7.1.77 and 8.1.9.155 and Unity OE version 4.1.1 and higher.
1. VNX and older products: From CS using the user nasadmin ssh session:
server_param ALL f cifs m smb1.disabled -v 1
2. Unity (versions 4.1.1 and higehr): root shell is required to set the parameter. Please contact Dell EMC Technical Support or your Authorized Service Partner and quote this Knowledgebase ID.
PLEASE NOTE: THIS ONLY PREVENTS THE DATA MOVER FROM CREATING USER CHANNELS USING SMBv1. The Data Mover will still use SMBv1 to establish secure channel communications with the Domain Controller. If you want to completely stop using SMBv1, see the next section entitled, "What if I want to disable SMBv1 on the Domain Controllers."
What if I want to disable SMBv1 on the Domain Controllers?
Please do not disable SMBv1 on the Domain Controllers unless you are running a supported version of VNX OE or Unity OE:
- VNX2 Systems: 8.1.9.211
- Unity Systems: 4.1.1
- VNX1 Systems: 7.1.80.710
On all versions prior to the ones listed, SMBv1 is required in order to perform secure channel setup with the Domain Controller. Disabling SMBv1 at the Domain Controller level will cause an outage as your CIFS servers will no longer be able to negotiate secure channels with the DCs.
What if I want to block files with certain extensions from being written to the Data Mover?
You can use EMC File Extension Filtering to block these file extensions from being written:
*.wnry, *.wcry, *.wncry, and *.wncryt
Please note we can stop these extensions from being written, but this may not completely stop the virus. Additionally, file filtering does not stop the renaming of files to these extensions, just the writing of new files with these extensions.
Please refer to the
documentation which covers EMC File Extension Filtering for more information.
What happens if I find WannaCry files written on my VNX shares? Does this mean my VNX has been infected?
The VNX and Unity systems are not susceptible to the WannaCry virus. It is possible, however, for WannaCry to infect client machines. If these client machines have mapped drives and have the proper write permissions, they can encrypt files on the NAS shares.
Please take precautions and checkpoint your filesystems. Please refer to the documentation pages for your systems to learn how to enable checkpoints for your NAS filesystems.