My workplace recently got hit with a variant of the Emotet trojan and we found that it spread itself over the network via the default admin shares in Windows. As part of the disinfection process, the first thing we do is cut off the admin shares and restart, then clean up the PC.
My question is regarding what other issues we might expect to find after disabling those admin shares?
I know from a tech support standpoint it makes our job in IT a little harder because we can't just open \\pcname\c$ any more. So far, we have one legacy application (Dictaphone) that is throwing file access errors after turning off the shares. Another user says they are unable to scan from their Brother multifunction printer. We have a few hundred PC's on our network and they are all running either Windows 10 or Windows 7.
Since enabling them is a default Windows setting, we are concerned about the long term effects of this like crippling some application functions, etc. I wanted to throw this question out there to the experts to see if you know of background processes or services that utilize the shares and how much more trouble we might be creating for ourselves.