Symantec Management Platform (Notification Server)

 View Only

  • 1.  SMB1 on Altiris Servers

    Posted May 23, 2021 07:15 PM
    Hi all,

    The cybersecurity department have notified us that Windows 10 clients are accessing to Altiris Servers via SMB v1.0.

    Is it possible to disable SMB1 protocol on Altiris servers without affecting the normal operation of the platform?

    SMB1 on W10 clients are disabled and we use Altiris 8.5

    Than you so much.


  • 2.  RE: SMB1 on Altiris Servers

    Broadcom Employee
    Posted May 24, 2021 12:33 AM
    Hi Eduardo Jimenez!

    You can disable SMB1, because it is required to share/publish packages via UNC
    NS Software package access TCP (SMB) Outbound 445 Optional access to software pacakges which are accessible only via UNC. AexSvc, W3SVC

    https://knowledge.broadcom.com/external/article/184952/ports-and-protocols-for-symantec-it-mana.html

    Just make sure that you have HTTP, HTTPs package sharing enabled (UNC can be disabled to avoid unnecessary requests for packages by clients, Package Servers) on "Package Server Settings" page, therefore Package Servers and clients will be able to get packages via HTTP, HTTPs

    Best regards,
    IP.



    ------------------------------
    Software QA Engineer
    Broadcom Inc.
    ------------------------------

    Original Message


  • 3.  RE: SMB1 on Altiris Servers

    Broadcom Employee
    Posted May 24, 2021 02:33 AM
    Altiris agent uses whatever SMB protocols are enabled in the system, the agent does not select SMB protocol to use, Windows does the selection.
    So you can disable SMB1 without a problem. If SMB2 or SMB3 are enabled then agent will use those, if those are disable then agent will use HTTP/S
    Original Message