Can EventSentry detect the ZeroLogon attack?

Article ID: 440
Category: Security
Applies to: 4.2.3
Updated: 2020-11-19

EventSentry can detect both successful and unsuccessful ZeroLogon attacks by examing various event patterns on domain computers. To use this package:

  • Download the package using the link shown below
  • Open the EventSentry management console
  • Click on "Packages"
  • Click on "Import"
  • Select the "ZeroLogon" package