What is SMB1
Server Message Block (SMB) is a local network file sharing protocol designed for sharing data, printers, etc. between computers. SMBv1 is the formative iteration of the protocol which has since been replaced by SMBv2 and SMBv3. However, SMB1 is still enabled by default in Windows simply to cater for specific older software which hasn’t been updated to support SMB2 or SMB3.
As is the case with many older protocols, SMB1 has proven to be highly insecure. This was clearly demonstrated during the recent WannaCry and Petya ransomware epidemics which were spread by exploiting vulnerabilities in the ancient SMB1 protocol. You can check through a list of applications that still require SMBv1 here. If you’re not running any of these applications – and you most likely aren’t – you should disable SMB1 as soon as possible.
How To Disable SMB1 in Windows 8 and 10
Microsoft will be disabling SMB1 by default starting with the Windows 10 Fall Creators Update. Sadly, it took a ransomware epidemic to spur Microsoft into making this change – better late than never, right? In the meantime, if you haven’t yet installed the Fall Creators Update, SMB1 is easily disabled in Windows 10 or 8:
- Go to Control Panel > Programs and Features
- From the left-hand panel, click Turn Windows features on or off
- Scroll through the list and locate “SMB 1.0/CIFS File Sharing Support”
- Uncheck this option to disable the feature and click OK.
You’ll be prompted to restart your system – do so and the change will then take effect.
How to Disable SMB1 in Windows 7
Unfortunately, the above option is not available in Windows 7 and disabling SMB1 requires editing the registry.
Standard warning: Registry Editor is a powerful tool and misusing it can render your system unstable or even inoperable. This is a pretty simple hack and as long as you stick to the instructions, you shouldn’t have any problems. That said, you should always back up the Registry and your system before making any changes. If you don’t know how to back up your Registry, you can read about it here.
- Open the Registry Editor by clicking the Start button and typing “regedit”
- Click “regedit” in the results and give permission to make changes to your PC
- In the Registry Editor, use the left sidebar to navigate to the following key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLanmanServerParameters
- Now, you’re going to create a new value inside the Parameters subkey.
- Right-click the Parameters key and choose New > DWORD (32-bit) Value.
- Name the new value SMB1
- The DWORD will be created with a value of “0”, which is exactly what you want. “0” means SMB1 is disabled, so… all done.
Close the registry editor and restart your PC for the changes to take effect.
FOOTNOTE: Even if you do happen to be running one of the older affected programs included in Microsoft’s list, I would strongly advise looking for an alternative up-to-date program as a replacement and then disabling SMB1.