Disabling SMBv1 on Windows computers and servers

[#if smallImage??] [#if smallImage?is_hash] [#if smallImage.alt??] ${smallImage.alt} [/#if] [/#if] [/#if]

As mentioned on different blogs and sites including Ethiocert website (Wannacry Ransomware), WannaCry ransomware and other variant are targeting a vulnerability in SMB protocol, which windows use to share resources between computers. So beside updating and patching system we strongly recommend to disable SMBv1 protocol on your systems to avoid being exploited incase other hosts are infected in the network.

So there are clear instructions on Microsoft blog (https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012) on how to disable for different versions of windows. We have compiled some of the commands on this site into a script and uploaded here. You can find the specific disabling scripts below

  • SMB client disable for windows vista, windows server 2008, windows 7, windows server 2008 R2, windows 8 and windows server 2012 (script)
  • SMB server disable for windows 8 and windows server 2012 (script)
  • SMB sever for others than the above (reg file)
  • All the other versions not mentioned here have "Turn Windows features on or off" options.
  1. Click on the Search option and search for "Windows Features" and you will see the result as "Turn Windows Feature on and off."
  2. Upon clicking the option, the following screen will be prompted (SMB 1.0/ file sharing support).
  3. Now uncheck the box  SMB 1.0/ file sharing support

Instruction on how to run the script

Please run the scripts using administrator privilege, otherwise it might not work.

  1. Disable the Antivirus on the system
  2. unzip the script
  3. Right click the script
  4. Click on Run as administrator on SMB disable batch files

Run both server and client scripts matching your operating system's version on your machine

Do NOT forget to restart your system for the changes to take effect.

 

How to disable SMB protocols on Windows vista and XP

Turn On or Off File and Printer Sharing in Windows Vista and XP

       1. Open Control Panel.

       2. Choose Network and Internet (Vista) or Network and Internet Connections (XP) if you're in category view or skip down to Step 3 if you see             the  Control Panel applet icons.

       3. In Windows Vista, choose Network and Sharing Center.

           In Windows XP, choose Network Connections and then skip down to Step 5.

       4. From the left pane, choose Manage network connections.

       5. Right-click the connection that should have printer and file sharing turned on or off, and select Properties.

       6. In the Networking (Vista) or General (XP) tab of the connection's properties, check or uncheck the box next to File and Printer Sharing for Microsoft Networks.

       7. Click OK to save the changes.