ManageEngine Endpoint Central helps you to protect your computers from WannaCrypt ransomware. After detecting the computers that are vulnerable, Endpoint Central lets you identify the computers that are missing critical patches and then deploy those patches immediately. You can also use Endpoint Central's firewall configuration to block the vulnerable ports so that you can prevent WannaCrypt from spreading across your network. WannaCrypt ransomware targets computers that are out of date, so you will have to verify that all the critical security patches are deployed on all the computers. Endpoint Central has already released the security patches below. You can now be assured that your network is secure from WannaCrypt ransomeware attack.

Download free e-book: Six best practices for escaping ransomware

Which computers are targeted?

WannaCrypt ransomware is a worm that targets computers running Windows operating systems that are not up-to-date. Refer this article for more details on the ransomware and its effects.

For computers running Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008 and Windows 8:

How do you secure the network from WannaCrypt using Endpoint Central?

You can secure your network from WannaCrypt by following the steps:

1. Deploy the critical patches to the respective computers
2. Disable SMBv1 protocol

Deploying the critical patches to respective computers 

1. Ensure that you Patch Vulnerability database is up to date. To update, click Patch Mgmt >> Update Now in the bottom left
2. After syncing the database, scan the managed computers. To scan click Patch Mgmt >> Scan Systems >> Scan All.
3. You can detect if these patches are missing by following these steps: Click Patch Mgmt >> Choose All Patches >> Choose Applicable Patches(Detailed View) >> Search 'WannaCrypt' in the Patch Description box >> You can identify the computers that are missing the critical patches or already have the patches installed on them.
   

Disable SMBv1 protocol

• For computers running Windows Vista and later versions
• For computers running Windows XP

For computers running Windows Vista and later versions

Disable SMBv1 protocol in machines with Windows vista and above using Endpoint Central by following the steps:

1. Sync your Script Templates. To sync click Configurations >> Script Repository >> Templates >> Sync button.

    

2. Add the script, "WannaCry_DisableSMBV1.bat", to the repository. From the repository, deploy this script as a computer configuration to the desired target machines.

    

3. Ensure that you exclude Windows XP OS in the target.

For computers running Windows XP

Disable SMB vulnerable port using firewall configurations. You can create a firewall configuration and block the following vulnerable ports

• TCP 139
• TCP 445
• UDP 137
• UDP 138

These ports can be blocked using the firewall configuration, as explained below:

1. Open Firewall Configuration 

    

2. Under Windows XP, select ON under Action on Firewall and select Block under Action on Ports. Select the port 137 which needed to be blocked. Block the other ports by clicking on Add More Ports.

   

3. Ensure that you have added all the vulnerable ports as given in the below screenshot and deploy this configuration to Windows XP machines.

   

You can now feel assured that your network is secure from WannaCrypt ransomer attack.
Don't have Endpoint Central? Try our free edition and manage 25 computers and 25 mobile devices for free.

Training video

Faq's

• How to disable SMBv1 protocol? Disable SMBv1 protocol to prevent WannaCrypt from spreading across your network using Endpoint Central:
  Firstly, sync with your Script Repository.
  Download and run WannaCry_DisableSMBV1.bat from Script Templates
  Else, you can use firewall configurations to block vulnerable ports - TCP Ports 139 & 445, UDP Ports 137 & 138.
• How to enable SMBv1 protocol? For enabling, you can use EnableSMBv1.bat.
• What happens when I block these vulnerable ports? These are the ports that need to be blocked - TCP Ports 139 & 445, UDP Ports 137 & 138.
  On blocking, computers will not be able to access shared folders and other SMB services. After you patch all your systems, you can unblock these ports. For unblocking, you can use EnableSMBv1.bat.
• What to do if the same port that is blocked, is used by any other business application? Blocking is just a temporary fix to avoid spreading of this attack within your network. After you patch all your systems, you can unblock these ports.
• I only hear of XP, Vista Client Systems, what we can/must do for Windows 7, 8, 10 Systems? For Windows Vista & above, prevent WannaCrypt from spreading across your network by:
  1) Sync with Script Repository
  2) Download Script "WannaCry_DisableSMBV1.bat" from Script Templates
  3) Deploy this configuration as Computer configuration (Exclude Operating System Windows XP in target)
• I have Endpoint Central 91030 and I'm unable to find the script repository option. You have to upgrade to the latest version of Endpoint Central. For upgrading, https://www.manageengine.com/products/desktop-central/service-packs.html
• Do I need Patch Manager Plus if I have Endpoint Central? When you have Endpoint Central, there is no necessity for Patch Manager Plus. Patch Manager Plus is a stand alone application for patching. On the other hand, Endpoint Central is a complete Enterprise Mobile and Device Management suite.