Microsoft Windows 10 uses port 445 for direct TCP/IP MS networking access. It doesn't require the NetBIOS layer. Port 445 is related to SMB (Service Message Block) which is an application layer network protocol basically used for file sharing, printer, and serial ports sharing. Security researchers admit that port 445 is vulnerable to security attacks and should be blocked or disabled. Last year (2017) the WannaCry Ransomware used the port 445 exploit to gain control over targeted computers.
So, suppose if your computer is connected to an intranet and SMB is enabled then this kind of ransomware will spread like wildfire to other connected computers. Keeping the port 445 open simply means that you are giving access to your computer's hard drive to anyone who has access to the port 445 on your computer. So, it's better to disable this vulnerable port in Windows 10.
Note: If your firewall is managed by your antivirus then Windows Defender firewall gets disabled. If it is disabled then the above two tutorials of blocking the port 445 will not work. If this is the case then skip the above tutorial and follow the tutorials below.
You have successfully blocked SMB server and port 445 in Windows 10 that will prevent various malicious and ransomware attacks. And most of all your computer is now not accessible on TCP port 445 which means your hard drive's data is safe from unauthorized access. No tutorial will guarantee 100% security. We also recommend you use a good antivirus that is at least not free.
So, suppose if your computer is connected to an intranet and SMB is enabled then this kind of ransomware will spread like wildfire to other connected computers. Keeping the port 445 open simply means that you are giving access to your computer's hard drive to anyone who has access to the port 445 on your computer. So, it's better to disable this vulnerable port in Windows 10.
How to Disable SMB Port 445 in Windows 10
- To disable SMB first go to 'Settings>Apps>Programs and Features'.
- Click 'Turn Windows features on or off'.
- Here find 'SMB 1.0/CIFS File Sharing Support', and 'SMB Direct'.
- If they are checked then uncheck them. Then click 'OK'.
- If you are using Windows Firewall on Windows 10 then go to control panel and open Windows Defender Firewall with Advanced Security.
- If you are unable to find this then use the Windows search box and type 'firewall'. Click the first option to open the Windows Defender Firewall.
- Click 'Advanced settings'. Now click 'Inbound Rules' and then click 'New Rule' in the right side pane.
- Select 'Port' and click 'Next'.
- In this step make sure 'TCP' and 'Specific local ports:' are selected. Enter 445 in 'Specific local ports'. Then click 'Next'.
- In the next step select 'Block the connection' and click 'Next'.
- In this step make sure to check 'Domain', 'Public', and 'Private'. Then click 'Next'.
- Now in this final step name your new rule and click 'Finish'.
Add a Firewall Rule for Blocking Port 445 via Command Prompt
Open a command prompt as admin and type this following command.netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_Port-445"The above command will add a rule named 'Block_Port-445' in Windows Defender Firewall to block TCP port 445.
Note: If your firewall is managed by your antivirus then Windows Defender firewall gets disabled. If it is disabled then the above two tutorials of blocking the port 445 will not work. If this is the case then skip the above tutorial and follow the tutorials below.
Disable SMB in Windows Registry
You should add one registry key to disable SMB in Windows 10 registry. Simply copy the text and paste it into notepad.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters]Before adding the value backup your Windows 10 registry. Now save the file as 'smb.reg'. Here .reg is the registry extension. Double-click this file to add the key in the registry.
"SMBDeviceEnabled"=hex(b):00,00,00,00,00,00,00,00
Disable LanmanServer Service
To effectively block port 445 on Windows 10 you should disable the 'Lanman Server'. To disable it open 'Services'. Simply press Windows key + R to open the Run dialog and type 'services.msc'. Here look for 'Server'. Right click on it and select 'Properties'. In 'Startup type' select 'Disabled' and stop the service if it is running. Click 'OK' and close the 'Services' window. Restart your computer.How to Check if TCP Port 445 is Closed or Open
After restarting your PC open command prompt and type 'netstat -an'. It will show the list of open TCP and UDP ports. Make sure that port 445 and 139 shouldn't be on this list. To confirm this we used Avast Internet Security's Wi-Fi inspector as an SMB vulnerability scanner and found that the port was properly closed after applying the above tutorial.You have successfully blocked SMB server and port 445 in Windows 10 that will prevent various malicious and ransomware attacks. And most of all your computer is now not accessible on TCP port 445 which means your hard drive's data is safe from unauthorized access. No tutorial will guarantee 100% security. We also recommend you use a good antivirus that is at least not free.
You May Also Read
Get Blog Updates Via Email Subscribe Now
Please check your email for the verification link. Click on the verification link to start your email newsletter subscription.
No comments:
Post a Comment