Remote Log File Archives broken after SMBv1 disabled

The last I know, SMBv1 has to be enabled.  Please let us know what Sophos Support has to say about this.

Cheers - Bob

Internal testing indicates SMBv1 has to be enabled for the remote log archiving process to work. We're not going to pursue this with Sophos support as the SMBv1 risk appears to have been a bit overblown. We've re-enabled SMBv1 server services on the file server handling our archived logs.

Regards,
Thomas

We're looking at disabling SMB1 on our DCs but when we tested this it broke our UTM AD SSO.  We're still running UTM v 9.4 at the moment.  Can anyone confirm that UTM still needs SMB1 for it's authentication?

Obviously we need to take this seriously because of the "wanna..." ransomware attacks

We're looking at disabling SMB1 on our DCs but when we tested this it broke our UTM AD SSO.  We're still running UTM v 9.4 at the moment.  Can anyone confirm that UTM still needs SMB1 for it's authentication?

Obviously we need to take this seriously because of the "wanna..." ransomware attacks

I can confirm both issues, based on my testings :

1. Disabling SMB1 on the file server broke the remote log archiving (UTM 9.413-4).
2. Disabling SMB1 on DCs (2008 R2) broke SSO AD authentication in FireFox (curiously, no problem with IE for the moment, only Firefox).

thanks.  Yeah we're also running UTM 9.413-4 but it broke for us in IE.  Think we're running 2012 DCs though