Wednesday, August 30, 2017

Disable SMBv1 & Protect Your PC From Attack


How to Disable SMBv1 and Protect Your Windows PC From Attack


The WannaCry and Petya ransomware epidemics both spread using flaws in the ancient SMBv1 protocol, which Windows still enables by default (for some ridiculous reason). Whether you’re using Windows 10, 8, or 7, you should ensure SMBv1 is disabled on your PC.

What Is SMBv1, and Why Is It Enabled By Default?

SMBv1 is an old version of the Server Message Block protocol Windows uses for file sharing on a local network. It’s been replaced by SMBv2 and SMBv3. You can leave versions 2 and 3 enabled—they’re secure.
The older SMBv1 protocol is only enabled because there are some older applications that haven’t been updated to use SMBv2 or SMBv3. Microsoft maintains a list of applications that still require SMBv1.
If you’re not using any of these applications—and you probably aren’t—you should disable SMBv1 on your Windows PC to help protect it from any future attacks on the vulnerable SMBv1 protocol. Even Microsoft recommends disabling this protocol unless you need it.

How to Disable SMBv1 on Windows 10 or 8

Microsoft will disable SMBv1 by default beginning with Windows 10’s Fall Creators Update. Sadly, it took a huge ransomware epidemic to push Microsoft to make this change, but better late than never, right?
In the meantime, SMBv1 is easy to disable on Windows 10 or 8. Head to Control Panel > Programs > Turn Windows features on or off. You can also just open the Start menu, type “Features” into the search box, and click the “Turn Windows features on or off” shortcut.
Scroll through the list and locate the “SMB 1.0/CIFS File Sharing Support” option. Uncheck it to disable this feature and click “OK”.
You’ll be prompted to restart your PC after making this change.

How to Disable SMBv1 on Windows 7 by Editing the Registry

On Windows 7, you’ll have to edit the Windows registry to disable the SMBv1 protocol.
Standard warning: Registry Editor is a powerful tool and misusing it can render your system unstable or even inoperable. This is a pretty simple hack and as long as you stick to the instructions, you shouldn’t have any problems. That said, if you’ve never worked with it before, consider reading about how to use the Registry Editor before you get started. And definitely back up the Registry (and your computer!) before making changes.
To get started, open the Registry Editor by hitting Start and typing “regedit.” Press Enter to open Registry Editor and give it permission to make changes to your PC.
In the Registry Editor, use the left sidebar to navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Next, you’re going to create a new value inside the Parameters subkey. Right-click the Parameters key and choose New > DWORD (32-bit) Value.
Name the new value SMB1.
The DWORD will be created with a value of “0”, and that’s perfect. “0” means SMBv1 is disabled. You don’t have to edit the value after creating it.
You can now close the registry editor. You will also need to restart your PC before the changes take effect. If you ever want to undo your change, return here and delete the SMB1 value.
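
The same registry change can be scripted. The PowerShell below is an added example, not part of the original article or of Microsoft's documentation; the script name, its -Apply/-Undo switches and the function names are hypothetical, while the key path and the SMB1 value name are the ones given above.

```powershell
# Added example (not from the original article). Save as Set-Smb1Registry.ps1
# (hypothetical file name) and run it from a PowerShell prompt:
#   .\Set-Smb1Registry.ps1           report the current state only
#   .\Set-Smb1Registry.ps1 -Apply    create or overwrite SMB1 = 0
#   .\Set-Smb1Registry.ps1 -Undo     delete the SMB1 value again
param([switch]$Apply, [switch]$Undo)

# Key path and value name are the ones given in the article.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueName = 'SMB1'

function Get-Smb1State {
    # 'NotSet' = value absent, 'Disabled' = 0, 'Enabled' = any other number.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotSet' }
    if ([int]$item.$ValueName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Test-Elevated {
    # Writing under HKEY_LOCAL_MACHINE requires an administrator token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$before = Get-Smb1State
Write-Output "SMB1 registry value before: $before"

if (($Apply -or $Undo) -and -not (Test-Elevated)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

if ($Apply -and $before -ne 'Disabled') {
    # -Force overwrites an existing SMB1 value instead of failing.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 0 -Force | Out-Null
} elseif ($Undo -and $before -ne 'NotSet') {
    Remove-ItemProperty -Path $KeyPath -Name $ValueName
}

$after = Get-Smb1State
Write-Output "SMB1 registry value after:  $after"
if ($after -ne $before) {
    Write-Output 'Restart the PC for the change to take effect.'
}
```

Run without switches, the script only reads the value, so it doubles as a quick audit of whether the change is already in place.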

Download Our One-Click Registry Hack

If you don’t feel like editing the registry in Windows 7 yourself, we’ve created two downloadable registry hacks you can use. One hack disables SMB1 and the other re-enables it. Both are included in the following ZIP file. Double-click the one you want to use, click through the prompts, and then restart your computer.
These hacks just do the same thing we recommend above. The first creates the SMB1 value with a value of 0, and the second removes the SMB1 value. With these or any other registry hacks, you can always right-click the .reg file and select “Edit” to open it in Notepad and see exactly what it will change.
If you enjoy playing with the Registry, it’s worth taking the time to learn how to make your own Registry hacks.

More Information About Disabling SMBv1

The above tricks are ideal for disabling SMBv1 on a single PC, but not across an entire network. Consult Microsoft’s official documentation for more information about other scenarios. For example, Microsoft’s documentation recommends rolling out the above registry change using Group Policy if you want to disable SMB1 on a network of Windows 7 machines.
