Audit and Remediation: How to Protect Against the WDigest Protocol Exploit

Audit and Remediation: How to Protect Against the WDigest Protocol Exploit

Environment

  • Carbon Black Cloud Console: All Versions
    • Audit & Remediation
  • Carbon Black Cloud Sensor: All Versions
  • Microsoft Windows: XP or Later

Objective

To identify devices that could be exploited using the WDigest Protocol

Resolution

  1. Login to the Carbon Black Cloud console
  2. Navigate to Live Query > New Query > Recommended tab
  3. Locate the query entitled, "Credential Theft Hardening - WDigest"
  4. Select "Run" to run it immediately against all endpoints.

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎10-21-2021
Views:
80
Contributors