The recent increase in remote working has made it more difficult to follow common best practices and deploy urgent patches, as devices are often not connected to the corporate network. With Absolute Reach, you can deploy scripts and ensure they’re executed on end user devices. So you can enforce Windows updates, configure endpoints and take security actions across all your endpoints — whether they’re on or off the corporate network.
To introduce you to Reach’s capabilities, this page will take you through a relevant and pressing use case on Windows devices.
On March 12th, 2020, Microsoft released a patch for a security vulnerability, affecting Windows 10 build versions 1903 and 1909, related to the remote execution of Microsoft Server Message Block v3 (SMBv3). Absolute Reach allows you to mitigate the risk associated with the SMBv3 remote execution vulnerability until you have successfully deployed the patch on affected devices.
Follow the steps below to run the appropriate workflow.
Run Enable or Disable SMBv3 Compression Script
1. Deploy Absolute
If you are a new Absolute customer, you first need to setup your account, activate the agent and verify your devices.
Follow our step-by-step guide to get started.
2. Select Reports Menu
Log into the Absolute console and select the “Reports” icon on the left-hand panel.
3. Choose Windows SMBv3 Vulnerability
Select the “Windows SMBv3 Vulnerability” report under “Hardware Assets”.
4. Select Devices
The report only shows devices that are affected by the SMBv3 vulnerability (i.e. devices having Windows 10 build version 1903 or 1909).
Select the specific devices on which you would like to run the Reach workflow and choose “Run Script”.
5. Select Enable or Disable SMBv3 Compression Script
Through the “Run Script” wizard, search for and select the “Enable or Disable SMBv3 Compression” script.
6. Configure Script
On the script’s configuration window, choose to disable SMBv3 compression to mitigate the risks associated with the vulnerability by typing “disable” in the textbox shown below. Then, scroll down and select “Next”.
7. Confirm Devices
Confirm the devices on which you would like to run the Reach script and select “Run Script”.
NOTE: Once you have successfully deployed the patch published by Microsoft to fix the vulnerability across your devices, you can enable SMBv3 compression by rerunning the script whilst typing “enable” (instead of disable) in the textbox described in step 6 (i.e. under Configure script).
Explore Other Reach Workflows
To explore and run other Reach scripts associated with common asset management and security best practices, go to the “Assets” menu on the left-hand side of the console. Choose specific devices and select the “Run Script” action on top of the page. Explore and run up to 120 prebuilt scripts or create a custom one through the wizard shown below.
Additional Resources
For more content on leveraging Reach to run automated workflows across your remote devices, visit the Learning Hub and Absolute Help.
For additional queries about Reach or Absolute, contact Absolute Support.
Visit Absolute Resources to learn more about Absolute’s Endpoint Intelligence, Resilience and Remediation capabilities.
Contact Absolute to learn more about Resilience and our licenses.