ransomware virus

he recent WannaCry ransomware outbreak spread because of a vulnerability in one of the internet’s most ancient networking protocols, Server Message Block version 1 (aka SMBv1).

smbv1 wannacry ransomware

Your PCs that run Windows 10 were protected from that exploit, but that doesn’t mean you’ll be so lucky the next time.

In the interests of implementing a comprehensive, multi-layer security policy, Microsoft recommends that you disable the SMBv1 protocol completely. The world has already moved on to SMBv3, and there’s no excuse for continuing to let that old and horribly insecure protocol run on your network.

To permanently remove SMBv1 support from Windows 10, use either of these two approaches.

Open Control Panel (just start typing Control in the search box to find its shortcut quickly). Click Programs, and then click Turn Windows features on or off (under the Programs heading). Clear the check box for SMB 1.0/CIFS File Sharing Support, as shown here. That’s it; you’re protected.

(Note that you can use that same procedure in Windows 8.1. For Windows 7, you can’t remove SMBv1, but you can disable it using the instructions in this article: How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server.)

As an alternative in Windows 10, open a Windows PowerShell prompt with administrative privileges. In the Windows 10 Creators Update, version 1703, right-click the Start button and choose Windows PowerShell (Admin) from the Quick Link menu.) If you’re running an earlier Windows 10 version, enter Windows PowerShell in the search box, then right-click the Windows PowerShell shortcut and click Run as administrator.

From that elevated PowerShell prompt, type the following command:

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

Press Enter and you’re done.

On a Windows domain, of course, you can use Group Policy. Full instructions (along with links to help management understand why this is a good idea) are in this Microsoft TechNet article: Disable SMB v1 in Managed Environments with Group Policy.

Disabling SMBv1 shouldn’t have any effect on modern, fully updated hardware. Some consumer-grade network attached storage devices use this protocol by default, but a firmware update or a change in settings might allow you to change it to something more secure. Unfortunately, some older database programs and even new devices such as those from Sonos require SMBv1.

If you discover that you have an app or a network device that won’t work without this feature, use Control Panel to turn the feature back on. Then consider whether that app or device is worth the impact on your network security and whether it’s time to look for a replacement.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.