NT LAN Manager (NTLM) traffic

Issue abstract: 3rd Party Security Report of NT LAN Manager (NTLM) traffic Vulnerability

Detailed description: Outgoing NTLM traffic to remote servers is not denied, your credentials may be vulnerable to exposure. (Side note: I couldn’t find anything pertaining to NTLM on the Norton support page.)

Product & version number: Norton 360 (Version not shown but it should be up-to-date)

OS details: Edition Windows 11 Pro v. 23H2 OS build 22631.4169

What is the error message you are seeing? No Error Message

If you have any supporting screenshots, please add them:

Hello Stephen, welcome to the new forums boards. If I may ask, what is the 3rd party security audit done by, what software/website, etc?

Are you in a managed or personal network environment?

Connecting to a Windows domain / server?

Are you running the audit with a group policy that allows NTLM management to head off brute force credential attacks?

SA

It was an online audit: acronis dot com using their cyberfit-score-tool.

I’ve used some of their software before and was bored… :)

I’m on a personal network.

Your last question is above my head. I’m not familiar with NTLM. I figured it would fall under all the stuff that Norton verifies, just in case; but I couldn’t find any info on NTLM on Norton support.

The report also said that I wasn’t protected by a VPN, but Norton 360 says the VPN is active. Not sure what to think about that.

As a test I ran the audit tool from this site: Hope this helps answer your question

Results: * My opinion is this so-called audit is nothing more than a scare tactic for sell-ups. I have a very secured network and no, I do not use a VPN for normal things. Fortunately that is a user choice and a good one for those who are experienced.

Regarding the NTLM at the end of the results: please ignore that, as it's designed more for those entities who are in a managed environment where remote work connections and local in-house devices are connecting to servers in an IT-managed network. Nothing there for anyone to be concerned about.

175/850

#CyberFit Score: Poor

Try some of the suggestions below to improve it

Date scanned: Sep 19, 5:13 PM

0/275

Anti-malware

You don’t have anti-malware protection, your system may be at risk

You should have anti-malware solution installed and enabled on your endpoint or computer to detect malicious software and stay protected from security breaches.

Refer to websites established within the Cybersecurity industry such as AV-Test or AV-Comparatives for a list of recommended anti-malware solutions.

0/175

Backup

No backup solution was found, your data may be at risk

You are recommended to back up your data regularly to prevent data loss or ransomware attacks. Below are some backup solutions that you should consider using:

175/175

Firewall

You have a firewall enabled for public and private networks

It is recommended to enable firewall for your public and private networks to improve your security protection against cyber-attacks on your system carried through the network. Below are provided detailed guides on setting-up your Windows firewall, depending on your security needs and network architecture:

Guides for end-users/employees:

Guides for system administrators and engineers:

0/75

Virtual Private Network (VPN)

No VPN solution was found, your connection to public and shared networks is not secure

It is recommended to use VPN to access your corporate network and confidential data. It is critical to use VPN for communications to be safe and private, especially if you are using complementary Internet access from cafes, library, airport, etc. Below are some VPN solutions that you should consider using.

0/125

Disk encryption

No disk encryption was found, your device is at risk from physical tampering

It is recommended to turn on Windows BitLocker to improve the protection of data and files stored on your physical drives. You can find how to set up Windows BitLocker in the link below:

Guide: How to turn on device encryption on Windows

0/25

NT LAN Manager (NTLM) traffic

Outgoing NTLM traffic to remote servers is not denied, your credentials may be vulnerable to exposure

It is recommended to deny all outgoing NTLM traffic to remote servers for better security protection. You can find out how to change the NTLM settings and add exceptions in the link below:

Guide: Restrict outgoing NTLM traffic to remote servers

Please note that the results also state I do not have malware protection installed. Guess they don’t believe Norton products protect against those lol. I also have Malwarebytes installed but not actively loading when Windows boots. It's a secondary scanner when needed.

SA

Also, Microsoft explains what NTLM is actually used for and to which environments here. Note they are explicit with Windows Server.

SA
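Added example, not part of any post in this thread and not Norton or Acronis code: a read-only PowerShell check of the setting the report refers to, plus a summary of which remote servers the machine has sent NTLM to. It assumes the registry value `RestrictSendingNTLMTraffic` and event IDs 8001/4001 in the NTLM operational log as Microsoft documents them for the "Restrict NTLM: Outgoing NTLM traffic to remote servers" policy, and English event message text; the function names are hypothetical.

```powershell
# Added example (read-only). Run in an elevated PowerShell session.
# Policy value: absent or 0 = allow all, 1 = audit all, 2 = deny all.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$ValueName = 'RestrictSendingNTLMTraffic'

function Get-OutgoingNtlmPolicy {
    $labels = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }
    $prop = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Value not present: Windows default, outgoing NTLM is allowed.
        return [pscustomobject]@{ Value = $null; State = 'Not configured (allow all)' }
    }
    $raw   = [int]$prop.$ValueName
    $state = if ($labels.ContainsKey($raw)) { $labels[$raw] } else { 'Unrecognized value' }
    [pscustomobject]@{ Value = $raw; State = $state }
}

function Get-OutgoingNtlmTargets {
    param([int]$MaxEvents = 500)
    # 8001 = outgoing NTLM that would be blocked (audit mode), 4001 = blocked (deny mode).
    $filter = @{ LogName = 'Microsoft-Windows-NTLM/Operational'; Id = 8001, 4001 }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # Assumes the English message layout "Target server: <name>".
        $target = '(unparsed)'
        if ($e.Message -match 'Target server:\s*(\S+)') { $target = $Matches[1] }
        $kind = 'blocked'
        if ($e.Id -eq 8001) { $kind = 'would be blocked' }
        [pscustomobject]@{ Time = $e.TimeCreated; Kind = $kind; Target = $target }
    }
}

Get-OutgoingNtlmPolicy | Format-List
Get-OutgoingNtlmTargets |
    Group-Object Kind, Target |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

An empty second table with the policy at "allow all" only means auditing is off, not that no NTLM was sent; events appear once the policy is set to audit or deny.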

Thanks for your help. That explains it pretty well. Is there anything special I should do to show my gratitude? I’m new to online forums/communities.

You are most welcome as always. And nothing special required. Glad we could get you the answer that you were looking for. The lights are always on here in case you need us.

SA