Overview
Manual Scan of the target computer from the LanGuard console displays 'Error (1,5) Access is denied' and 'NULL session refused' during the SMB probing step.
Solution
During the SMB probing phase of the scan, Languard tries to open an SMB null session to the target, which is rejected. This is caused by one of the network security policies, which, if left in its default setting (undefined), causes the null session to be denied.
To remedy this, on the target machine:
- Open the Local Security Policy (
gpedit.msc
). - Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options.
- Double click the policy named "Network access: Shares that can be accessed anonymously" and enter any share name. It doesn't have to be a real share name - as long as the list is not empty, the null session is accepted.
- Restart the machine.
Testing
Repeat the Manual Scan of the target machine and verify that the error is no longer there. If the issue persists, contact GFI LanGuard Support.