GEN:SID 1:2177
Message NETBIOS SMB startup folder unicode access
Summary This event is generated when an attempt is made to access a system
folder via SMB.
Impact Serious. This folder contains important operating system information.
Detailed Information This event indicates that an attempt was made to access a folder
containing important operating system files using SMB across the
network.
Affected Systems Microsoft Windows systems.
Attack Scenarios If this folder is accessible via SMB the attacker can replace or view
important operating system files.
Ease of Attack Simple.
Corrective Action Check the host for signs of system compromise.

Turn off file and print sharing on the target host.

Use a packet filtering firewall to disallow SMB access to the host from
sources external to the protected network.
Additional References