On top of patching to remediate against vulnerabilities released by the ShadowBrokers, we have started to disable SMBv1 via group policy.
A possible silly question but I am unable to identify a QID which will return me the SMB offerings of a device. Using the QID for MS17-010 doesn't quite cut it because the patch itself doesn't disable SMBv1 but instead amends how it handles a specially crafted message.
I'd be interested to know if such a QID exists and if not, how are others identifying if a device is offering SMBv1.
Thanks in advance.