We are trying to secure our environment against the SMBv1 exploits that are being flagged by Nessus. (https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-i... ) (Stop using SMB1 | Server Storage at Microsoft)
We attempted disabling SMBv1 on one of our ADFS Hosts that MWG connects to - after reboot it was unable to communicate with it.
Is there a reliance on SMBv1 that can be circumvented with a configuration change, or is this an issue with the product?
See KB89350 -- MWG requires SMBv1 to be active on your ADFS or Domain Controller.
This is a ridiculous requirement, especially in light of Microsoft encouraging everyone to turn off the legacy protocol. Hopefully the MWG team is working to support SMBv2 or later.
The McAfee Web Gateway NTLM integration does currently require SMBv1 to be enabled on the domain controllers used for authentication. McAfee is actively working on an integration using SMBv2 but that will take at least several months. In the interim there are many secure authentication options for our customers that would enable them to disable rather than patch SMBv1 on many or all DCs.
The cloud service never interacts directly with AD so it is unaffected by the disabling of SMBv1.
Official McAfee KB article here https://kb.mcafee.com/agent/index?page=content&id=KB89350
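
An added example, not part of the thread or of McAfee's KB article: before disabling SMBv1 on a domain controller, Windows' built-in SMB1 access auditing can show which clients (a Web Gateway appliance, for instance) still connect with it. It assumes an elevated PowerShell session on the DC, an OS build that supports the `AuditSmb1Access` setting, and that the audit event's message carries a "Client Address:" line; `Get-Smb1Client` is a hypothetical helper name.

```powershell
# Added example: find SMB1 clients on a domain controller before disabling SMBv1.
# Run in an elevated PowerShell session on the DC.

# 1. Show the current server-side SMB settings.
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, EnableSMB2Protocol, AuditSmb1Access

# 2. Enable SMB1 access auditing. SMB1 connections are then logged as
#    event ID 3000 in the Microsoft-Windows-SMBServer/Audit log.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force

# 3. After a representative period, summarise which clients used SMB1.
#    Get-Smb1Client is a hypothetical helper written for this example.
function Get-Smb1Client {
    param([int]$Days = 7)

    $filter = @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000
        StartTime = (Get-Date).AddDays(-$Days)
    }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Assumption: the event message contains "Client Address: <addr>".
            if ($_.Message -match 'Client Address:\s*(\S+)') {
                [pscustomobject]@{ Client = $Matches[1]; Time = $_.TimeCreated }
            }
        } |
        Group-Object Client |
        ForEach-Object {
            [pscustomobject]@{
                Client   = $_.Name
                Events   = $_.Count
                LastSeen = ($_.Group | Measure-Object Time -Maximum).Maximum
            }
        } |
        Sort-Object Events -Descending
}

Get-Smb1Client -Days 7 | Format-Table -AutoSize
```

An empty result over a period that covers normal authentication traffic indicates that no client on that DC still depends on SMBv1.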