Check or Attack Name: Network Monitor

The Microsoft Network Monitor (NetMon) program has a weakly decrypted password in a DLL file. Access to this file would allow an attacker to gain access to the network monitor.

Disable the Network Monitor Agent and remove the BHSUPP.DLL file from %systemroot%\system32. If the Network Monitor is required, use a hard to guess password.

To disable the Network Monitor agent, follow these steps:

1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Services.
2. Select the Network Monitor service and click Stop.
3. Click Startup.
4. Select the Disabled startup type.
5. Click OK.

—AND—

Remove BHSUPP.DLL from %systemroot%\system32.