Disable or remove SMB in Windows to avoid security problems

Version 1 of the Windows SMB (Server Message Block) protocol has recently been found responsible for major security problems, such as the WannaCry malware (which Microsoft patched in March 2017) and a more recent problem that allows hackers to take advantage of Chrome and SMB to steal the Windows login password (which Google will have to patch soon).
These flaws are usually resolved, but the SMB version 1 protocol (versions 2 and 3 also exist and do not have these security problems) is a service that serves no purpose for most people, and it is enabled by default, including in Windows 10. For this reason SMB v1 is well worth disabling or removing entirely in Windows 10, 7 and 8 and in Windows Server versions.
Before disabling or removing SMB v1, it is worth checking if our network is actively using it so as to be sure that by turning it off or eliminating it there will be no problems in the functioning of the computer.
In Windows 10, 8.1 and 7 you can check this using PowerShell.
Search for PowerShell from the Start menu, open it and run this command to turn on auditing of SMB v1 access:
Set-SmbServerConfiguration -AuditSmb1Access $true
Then go to the Event Viewer, also reachable with a search from the Start menu, open Applications and Services Logs > Microsoft > Windows > SMBServer > Audit and check whether there is any activity.
Generally speaking, unless the computer is connected to other computers on a network where Windows Server 2003 or Windows XP PCs are present, then SMB v1 is not used.
To disable the SMB version 1.0 server service, again open PowerShell in Windows 10, Windows 7 or Windows 8.1 (right-click it and run it as administrator) and run the command:
Get-SmbServerConfiguration | Select EnableSMB1Protocol
Check in the output of the command whether the EnableSMB1Protocol entry is True.
If it is, run this command to set it to False:
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
To remove SMB v1 entirely instead, run this command in PowerShell:
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -Remove
Immediately after it has finished, restart your computer.
With the command Get-WindowsOptionalFeature -Online you can check if SMB has been removed.
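The check-then-disable procedure above can be combined into one script. This is an added example, not part of the original article: the parameter names, the 7-day lookback window and the use of event ID 3000 (the SMB1 access event written to the SMBServer Audit log) are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMB v1 server usage, then disable it only if nothing used it.
# $LookbackDays and -Disable are hypothetical parameter names chosen for this example.
param(
    [int]$LookbackDays = 7,   # assumed observation window
    [switch]$Disable          # without this switch the script only reports
)

$cfg = Get-SmbServerConfiguration

if (-not $cfg.AuditSmb1Access) {
    # No audit data exists yet: enable auditing and stop, so the decision is
    # never made on an empty log.
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    Write-Warning "SMB1 auditing was off and is now on. Run again in $LookbackDays days."
    return
}

# Read SMB1 access events (ID 3000) recorded during the observation window.
$filter = @{
    LogName   = 'Microsoft-Windows-SMBServer/Audit'
    Id        = 3000
    StartTime = (Get-Date).AddDays(-$LookbackDays)
}
# Get-WinEvent raises an error when nothing matches; treat that as zero events.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -gt 0) {
    # Something on the network still speaks SMB v1: show it and change nothing.
    Write-Warning "$($events.Count) SMB1 access event(s) found. SMB v1 left enabled."
    $events | Select-Object TimeCreated, Message | Format-List
}
elseif ($Disable -and $cfg.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output "No SMB1 access seen in $LookbackDays days. SMB v1 server disabled."
}

# Final state, read back from the system rather than assumed.
[pscustomobject]@{
    ServerSmb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    AuditEnabled      = (Get-SmbServerConfiguration).AuditSmb1Access
    FeatureState      = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State
    Smb1EventsSeen    = $events.Count
}
```

Run it once without -Disable to see the report, and add -Disable only after the audit log has stayed empty for the whole window.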
You can also remove SMB v1 from Windows 10, 7 and 8 using the utility for adding and removing Windows features.
Go to the Control Panel, then to Programs and Features (the window for uninstalling a program), then click Turn Windows features on or off on the left.
In the list, locate "SMB 1.0/CIFS File Sharing Support", clear the checkbox and press OK.
Then restart your computer.
Although it should not be necessary, it is also possible to disable the SMB v1 client from the command prompt.
Open a command prompt as administrator (again from the Start menu) and run these two commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
As an alternative to all this, it is possible to protect Windows from SMB problems by using the firewall to block incoming traffic.
As seen in the guide to blocking ports on Windows, open the Windows Firewall from the Start menu, then click Inbound Rules on the left side and press New Rule at the top right.
Add a rule that blocks ports 137, 138, 139 and 445 (enter them all in the field for the ports to block, separated by commas).
