Nightly Microsoft Windows Scans Scheduled to Start March 4 | Information Technology | University of Pittsburgh
!

Nightly Microsoft Windows Scans Scheduled to Start March 4

Tuesday, March 3, 2020 - 10:49

 

On Tuesday, Jan. 14, Microsoft stopped supporting Windows Server 2008 and Windows 7 operating systems, as we announced in our November 2019 alert

Beginning Wednesday, March 4, between 1 and 6 a.m. and repeating nightly for the next several months, Pitt Information Technology will conduct port and OS identification scans of all server, DMZ, and lab networks to identify and remediate systems using these operating systems. Workstation networks may be scanned at any time during the test dates. All scanning activity will come from the following IP address–10.200.9.0/24.

Please notify your users and Help Desk personnel that Symantec Endpoint Protection may post warnings of an attack during these port and OS scans.  Some possible warnings include:

  • Attack: SMB double pulsar ping detected (SID: 21331)
  • OS Attack: SMB Validate Provider Callback… (SID: 30011)
  • OS Attack: Microsoft SMB MS17-010 disclosure attempt… (SID: 23875)

If your department uses another vendor’s antivirus or endpoint security suite on its servers or workstations, you may see different warnings. 

Additional information is available on our website at technology.pitt.edu/windows7.

Please contact the 24/7 IT Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.