IT | Security

Leverage Reach to Secure your Remote Devices

The recent increase in remote working has made it more difficult to follow common best practices and deploy urgent patches, as devices are often not connected to the corporate network. With Absolute Reach, you can deploy scripts and ensure they’re executed on end user devices. So you can enforce Windows updates, configure endpoints and take security actions across all your endpoints — whether they’re on or off the corporate network.

To introduce you to Reach’s capabilities, this page will take you through a relevant and pressing use case on Windows devices.

On March 12th, 2020, Microsoft released a patch for a security vulnerability, affecting Windows 10 build versions 1903 and 1909, related to the remote execution of Microsoft Server Message Block v3 (SMBv3). Absolute Reach allows you to mitigate the risk associated with the SMBv3 remote execution vulnerability until you have successfully deployed the patch on affected devices.

Follow the steps below to run the appropriate workflow.

Run Enable or Disable SMBv3 Compression Script

1. Deploy Absolute

If you are a new Absolute customer, you first need to setup your account, activate the agent and verify your devices.

Follow our step-by-step guide to get started.

2. Select Reports Menu

Log into the Absolute console and select the “Reports” icon on the left-hand panel.

Dashboard

3. Choose Windows SMBv3 Vulnerability

Select the “Windows SMBv3 Vulnerability” report under “Hardware Assets”.

SMBv3 Vulnerability

4. Select Devices

The report only shows devices that are affected by the SMBv3 vulnerability (i.e. devices having Windows 10 build version 1903 or 1909).

Select the specific devices on which you would like to run the Reach workflow and choose “Run Script”.

run scripts

5. Select Enable or Disable SMBv3 Compression Script

Through the “Run Script” wizard, search for and select the “Enable or Disable SMBv3 Compression” script.

Select Scripts

6. Configure Script

On the script’s configuration window, choose to disable SMBv3 compression to mitigate the risks associated with the vulnerability by typing “disable” in the textbox shown below. Then, scroll down and select “Next”.

Script Configuration

Script Configuration

7. Confirm Devices

Confirm the devices on which you would like to run the Reach script and select “Run Script”.

Confirm Devices

NOTE: Once you have successfully deployed the patch published by Microsoft to fix the vulnerability across your devices, you can enable SMBv3 compression by rerunning the script whilst typing “enable” (instead of disable) in the textbox described in step 6 (i.e. under Configure script).

Explore Other Reach Workflows

To explore and run other Reach scripts associated with common asset management and security best practices, go to the “Assets” menu on the left-hand side of the console. Choose specific devices and select the “Run Script” action on top of the page. Explore and run up to 120 prebuilt scripts or create a custom one through the wizard shown below.

Select Script

Set Script Configurations

Additional Resources

For more content on leveraging Reach to run automated workflows across your remote devices, visit the Learning Hub and Absolute Help.

For additional queries about Reach or Absolute, contact Absolute Support.

Visit Absolute Resources to learn more about Absolute’s Endpoint Intelligence, Resilience and Remediation capabilities.

Contact Absolute to learn more about Resilience and our licenses.