Microsoft Networks

This category includes File and Print Sharing.

Microsoft operating systems and Samba clients rely on Common Internet File System (CIFS), a protocol for sharing files and printers. However, this protocol is also widely used by worms as a means of propagation.

You can configure how CIFS worms should be handled.

File Print and Sharing Fields

In this field…	Do this…
Action	Specify what action to take when a CIFS worm attack is detected, by selecting one of the following: Block. Block the attack. None. No action. This is the default.
Track	Specify whether to log CIFS worm attacks, by selecting one of the following: Log. Log the attack. None. Do not log the attack. This is the default.
CIFS worm patterns list	Select the worm patterns to detect. Patterns are matched against file names (including file paths but excluding the disk share name) that the client is trying to read or write from the server.

In this field…

Do this…

Action

Specify what action to take when a CIFS worm attack is detected, by selecting one of the following:

Block. Block the attack.
None. No action. This is the default.

Track

Specify whether to log CIFS worm attacks, by selecting one of the following:

Log. Log the attack.
None. Do not log the attack. This is the default.

CIFS worm patterns list

Select the worm patterns to detect.

Patterns are matched against file names (including file paths but excluding the disk share name) that the client is trying to read or write from the server.