hello,
wannacry ransomware piracy brought me here.
So i want to disable smb1 as a proactive measure (i read many advices to do that).
However, i didn't found it in "start/control panels/programms/turn windows features on or off".
Here's my question ? Why smb1 doesn't appear here? Is this ok ? It's already disabled ?
stillw7 (and happy)
thanks for reading
laptop asus
windows 7 ultimate
Simply disabling the service will effectively remove the vulnerability, but at the cost of losing the ability to share folders, it's not the optimal choice at all.
The best course of action is to apply the security patch that fixes the bug and prevents the spread of the virus without disabling anything. You need to download KB4012212 and apply it to get rid of the vulnerability. You can download from the link or though Windows Update.
If you still want to disable SMBv1 altogether, go to start => type services.msc => find the "server" service, stop it and set it to disabled. It doesn't appear in the Windows features because SMBv1 isn't a feature, is a protocol, and the server service is what implements it.
Last edited by Alejandro85; 15 May 2017 at 05:24. Reason: Fixed link
Hey Aexandro85,
thank you so much for your reply.
It's crystal clear, easily understandable and helpful.
I read a lot of things on the internet, but always more complicate.
Problem solved.
Sorry but I had to sign up just to respond to this as it's quite a way off the mark
I'll agree that installing the KB4012212 hotfix is definitely the best way to go
But in terms of your original question
Disabling the server service as advised above totally disables SMB and as also mentioned above it's correct that you'll lose the ability to share files
But there is no need for a measure that extreme
There are three "dialects" for SMB
The vulnerability applies to SMB1
SMB 2 and SMB3 are not affected
So as long as you have a version of Windows that supports the newer SMB versions you can disable SMB1 (basically anything higher than Windows XP and Windows Server 2003)
Microsoft has a comprehensive write up of how to do it here
https://support.microsoft.com/en-gb/...windows-server
It IS a feature that you can you enable/disable in Windows 8.1, Windows 10, Windows 2012 R2, and Windows Server 2016
For everything else it's a couple of commands or a registry entry
note you have the option for disabling SMB1 for;
the server (a computer where files are shared from)
the client (a computer used to access files on a server)
A windows machine can be both of these things so you have the option of disabling one or the other (i've done both on my networks)
Knock on effects to consider....
Some devices only use SMB 1 (photocopiers that do scan to folder, older NAS devices, etc)
Any questions feel free to ask...
It's also worth noting...
Disabling SMB1 will not protect you from wannacry ransomware
This vulnerability is how wannacry spread so fast across big networks (such as the NHS)
Once it's on your PC (through traditional methods ransomware uses) it'll look for vulnerable SMB servers it can use to spread
If you've got a single PC then making this change won't protect your system any more than it was before (unless for some mad reason you've got your PC exposed directly to inbound traffic from the Internet...but you'd have bigger problems if that were the case!)
Last edited by andynine; 01 Jun 2017 at 16:59.
Most of the ransomware was company pcs as they scan for the problem and if they find an opening then it attacks on a home network it cant do that from the internet if your behind a nat router so a lot of home users were safe. If it got in from some other way then it would spread to home network
Quote