Hydra, Posted November 20, 2020

Failed to get version of 'C:\WINDOWS\system32\Drivers\srv.sys'. We are unable to tell if your computer is vulnerable.

I get this message every time I use the eternal blue checker, how to check manually or fix this?
Marcos (Administrators), Posted November 20, 2020

I'd suggest using Procmon to find out if tool gets access denied on the file. Did you run the tool as an administrator?
Hydra (Author), Posted November 27, 2020

On 11/20/2020 at 2:03 AM, Marcos said:
I'd suggest using Procmon to find out if tool gets access denied on the file. Did you run the tool as an administrator?

Yes I ran as admin but it continues to show, also what is Procmon, and how do I fix this?
Marcos (Administrators), Posted November 27, 2020

You can create a Procmon log as per https://support.eset.com/en/kb6308. I.e., start logging with Procmon, run the tool, stop logging and save the Procmon log.
itman, Posted November 27, 2020

I can verify the tool no longer works on Win 10 20H2. Believe the issue is the driver it is attempting to verify, C:\WINDOWS\system32\Drivers\srv.sys, no longer exists. In 20H2, it is named srv2.sys.

Guess tool needs to be updated in that if it can't find srv.sys, you also are not vulnerable to EternalBlue.
Hydra (Author), Posted November 29, 2020

So my PC is 20H2, right? Does that mean it's patched?
itman, Posted November 29, 2020

8 hours ago, Hydra said:
So my pc is 20H2 right? Does that mean its patched?

Yes. Here's a Microsoft article detailing Windows versions vulnerable to EternalBlue: https://support.microsoft.com/en-us/help/4023262/how-to-verify-that-ms17-010-is-installed

Also I realized why srv.sys no longer exists on my device. Windows will auto remove SMBv1 10 days after installation if it is not used.

Additionally if srv.sys exists on later Win 10 installations, you are not vulnerable since this driver has been patched against this exploit.
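
The manual check asked about at the top of the thread, as an added example that is not part of any post here and is not ESET's code. It reports whether srv.sys is present, its file version if it is, and the SMBv1 state; it assumes an elevated PowerShell session on client Windows 8.1/10, and the function name Get-Smb1DriverStatus is made up for this example.

```powershell
# Added example, not ESET's tool. Run from an elevated PowerShell prompt.
function Get-Smb1DriverStatus {
    param(
        # Default is the driver path named in the checker's error message.
        [string]$DriverPath = (Join-Path $env:SystemRoot 'System32\drivers\srv.sys')
    )

    $status = [ordered]@{
        DriverPath        = $DriverPath
        DriverPresent     = (Test-Path -LiteralPath $DriverPath -PathType Leaf)
        DriverVersion     = $null   # stays $null when srv.sys is absent
        Smb1FeatureState  = $null   # Enabled / Disabled / DisabledWithPayloadRemoved
        Smb1ServerEnabled = $null   # $true / $false
        Errors            = @()
    }

    # A missing file is reported as "not present" instead of a failed version read.
    if ($status.DriverPresent) {
        try {
            $v = (Get-Item -LiteralPath $DriverPath -ErrorAction Stop).VersionInfo
            $status.DriverVersion = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart,
                $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart
        } catch {
            $status.Errors += "version read failed: $($_.Exception.Message)"
        }
    }

    # State of the SMBv1 optional feature (requires elevation).
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
        $status.Smb1FeatureState = [string]$feature.State
    } catch {
        $status.Errors += "feature query failed: $($_.Exception.Message)"
    }

    # Whether the SMB server currently accepts SMBv1 connections.
    try {
        $status.Smb1ServerEnabled = (Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol
    } catch {
        $status.Errors += "server config query failed: $($_.Exception.Message)"
    }

    [pscustomobject]$status
}

Get-Smb1DriverStatus | Format-List
```

If DriverVersion is filled in, compare it with the srv.sys version table in the Microsoft article linked in the last post.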