Disabling SMB1 on Windows

Products

Windows 10, Windows 2008 R2, Windows 2012 R2, Windows 2016

Description

SMB, or Server Message Block, is a network file sharing protocol for sharing files, printers, etc., between computers. There are three versions: Server Message Block (SMB) version 1 (SMBv1), SMB version 2 (SMBv2), and SMB version 3 (SMBv3). Microsoft recommends that you disable SMB1 for security reasons, and it is now more important to do so in view of the WannaCrypt and NotPetya ransomware epidemics.

Solution

Disable SMB1 on Windows

To defend yourself against WannaCrypt ransomware it is imperative that you disable SMB1 as well as install the patches released by Microsoft. Let us take a look at some of the ways to disable SMB1 on Windows 10/8/7.

Turn Off SMB1 via Control Panel

Open Control Panel > Programs & Features > Turn Windows features on or off.

In the list of features, find SMB 1.0/CIFS File Sharing Support. Clear the checkbox next to it and press OK.

Disable SMBv1 using PowerShell

Open a PowerShell window in administrator mode, type the relevant command below and hit Enter:

To disable SMB1 with PowerShell:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
To uninstall SMB1 with PowerShell:
Remove-WindowsFeature FS-SMB1

Disable SMB1 using Windows registry

You can also tweak the Windows Registry to disable SMB1.

Run regedit and navigate to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

On the right side, the DWORD SMB1 should not be present or should have a value of 0.

The values for enabling and disabling it are as follows:

  • 0 = Disabled
  • 1 = Enabled
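
To confirm the result of any of the methods above, the following script is an added example (not part of the original article) that reports the SMB1 server state from the registry value shown above and, where the cmdlets exist, from Get-SmbServerConfiguration and Get-WindowsOptionalFeature. The helper name Get-Smb1RegistryState and the report field names are chosen for this illustration; run it from an elevated PowerShell window.

```powershell
# Added example: report the SMB1 server state of the local machine.
$Smb1Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1RegistryState {   # hypothetical helper name
    param([string]$Path = $Smb1Key)
    $p = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    # A missing key or a missing SMB1 value means no explicit setting exists.
    if ($null -eq $p -or $null -eq $p.SMB1) { return 'NotSet' }
    if ($p.SMB1 -eq 0) { return 'Disabled' }
    return 'Enabled'
}

$report = @{
    Computer     = $env:COMPUTERNAME
    Registry     = Get-Smb1RegistryState
    ServerConfig = 'n/a'   # stays n/a where the cmdlet is unavailable
    Feature      = 'n/a'   # stays n/a where the feature cannot be queried
}

# Effective SMB server setting, on systems that ship the SmbShare cmdlets.
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $cfg = Get-SmbServerConfiguration
    $report.ServerConfig = if ($cfg.EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
}

# Install state of the SMB1 optional feature, on systems that expose it.
if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
    try {
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
        if ($f) { $report.Feature = [string]$f.State }
    } catch {
        $report.Feature = 'n/a'   # feature name unknown here or query failed
    }
}

# Emit one object per machine so results can be collected and compared.
New-Object PSObject -Property $report |
    Select-Object Computer, Registry, ServerConfig, Feature

if ($report.Registry -eq 'Enabled' -or $report.ServerConfig -eq 'Enabled' -or
    $report.Feature -eq 'Enabled') {
    Write-Warning 'SMB1 is still enabled on this machine.'
}
```

A Registry result of NotSet means the SMB1 value is absent, so the other two columns show what is actually in effect on that system.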

It is recommended to disable SMB version 1 since it is outdated and uses technology that is almost 30 years old.

According to Microsoft, when you use SMB1 you lose key protections offered by later SMB protocol versions, such as:

  1. Pre-authentication Integrity (SMB 3.1.1+) – Protects against security downgrade attacks.
  2. Insecure guest auth blocking (SMB 3.0+ on Windows 10+) – Protects against MiTM attacks.
  3. Secure Dialect Negotiation (SMB 3.0, 3.02) – Protects against security downgrade attacks.
  4. Better message signing (SMB 2.02+) – HMAC SHA-256 replaces MD5 as the hashing algorithm in SMB 2.02, SMB 2.1 and AES-CMAC replaces that in SMB 3.0+. Signing performance increases in SMB2 and 3.
  5. Encryption (SMB 3.0+) – Prevents inspection of data on the wire, MiTM attacks. In SMB 3.1.1 encryption performance is even better than signing.