SMB Remote Disk Scanning for Executable Files Protection

Some malware like virus Win32.Pate.A and its variants spread from one infected system to another by sending SMB requests for lists of executable files on SMB shared disks. When the files are identified the virus is capable of modifying the files to infect the target system.

Server Message Block (SMB), also known as Common Internet File System (CIFS), operates as an application-layer network protocol used by Microsoft Windows clients to provide access to shared Windows resources such as files and printers. On internal networks SMB traffic can account for the majority of traffic passed between hosts.

Check Point integrated IPS products SmartDefense and the IPS Software Blade provide immediate protection by detecting and blocking malicious SMB search requests for executable files. For more information, see CPAI-2010-081 and SBP-2010-20.