What is SMB1
Server Message Block (SMB) is a local network file sharing protocol designed for sharing data, printers, etc. between computers. SMBv1 is the formative iteration of the protocol which has since been replaced by SMBv2 and SMBv3. However, SMB1 is still enabled by default in Windows simply to cater for specific older software which hasn’t been updated to support SMB2 or SMB3.
As is the case with many older protocols, SMB1 has proven to be highly insecure. This was clearly demonstrated during the recent WannaCry and Petya ransomware epidemics which were spread by exploiting vulnerabilities in the ancient SMB1 protocol. You can check through a list of applications that still require SMBv1 here. If you’re not running any of these applications – and you most likely aren’t – you should disable SMB1 as soon as possible.
How To Disable SMB1 in Windows 8 and 10
Microsoft will be disabling SMB1 by default starting with the Windows 10 Fall Creators Update. Sadly, it took a ransomware epidemic to spur Microsoft into making this change – better late than never, right? In the meantime, if you haven’t yet installed the Fall Creators Update, SMB1 is easily disabled in Windows 10 or 8:
- Go to Control Panel > Programs and Features
- From the left-hand panel, click Turn Windows features on or off
- Scroll through the list and locate “SMB 1.0/CIFS File Sharing Support”
- Uncheck this option to disable the feature and click OK.
You’ll be prompted to restart your system – do so and the change will then take effect.
How to Disable SMB1 in Windows 7
Unfortunately, the above option is not available in Windows 7 and disabling SMB1 requires editing the registry.
Standard warning: Registry Editor is a powerful tool and misusing it can render your system unstable or even inoperable. This is a pretty simple hack and as long as you stick to the instructions, you shouldn’t have any problems. That said, you should always back up the Registry and your system before making any changes. If you don’t know how to back up your Registry, you can read about it here.
- Open the Registry Editor by clicking the Start button and typing “regedit”
- Click “regedit” in the results and give permission to make changes to your PC
- In the Registry Editor, use the left sidebar to navigate to the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
- Now, you’re going to create a new value inside the Parameters subkey.
- Right-click the Parameters key and choose New > DWORD (32-bit) Value.
- Name the new value SMB1
- The DWORD will be created with a value of “0”, which is exactly what you want. “0” means SMB1 is disabled, so… all done.
Close the registry editor and restart your PC for the changes to take effect.
FOOTNOTE: Even if you do happen to be running one of the older affected programs included in Microsoft’s list, I would strongly advise looking for an alternative up-to-date program as a replacement and then disabling SMB1.
—
Thank you Jim for this alarming discovery. Check out more at,
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
as this vital information was posted September 16, 2016 by NedPyle [MSFT].
Very nice of MS to take over 1 year to make a patch for Windows 10 (their flag ship operating system), and doing nothing for their older operating systems.
Microsoft deserves 5 bricks, Mindblower!
SMB 1.0/CIFS File Sharing Support is still installed by default in Windows 10 Fall Creators Update on the one laptop I installed it on. The version ID is Version 1709 (OS Build 16299.19)
The problem with doing this (which I did) is that you seem to lose basic network browsing between the machines on your network. I believe this disablement kills and deletes the Computer Browser service and I use that a lot to quickly copy files from one machine to another. Unless Jim you know other ways to get this service back…
Seems to be true I can map a network drive and access it I just can’t see my other computers in the Network folder in Windows 10 after disabling SMB 1.0
According to Microsoft; the Computer Browser service is specific to SMB1 and, when you remove the SMB1 file sharing support feature, the Computer Browser service is also removed because it is no longer required.
Seems this type of behavior is occurring randomly, my guess would be maybe older routers which are still relying on the SMB1 protocol.
Jim,
I’m not running Fall Creators and by following your instructions it turned out that it was already shut off on my PC, but thanks for the warning anyway.
Dan
Thank you for this invaluable article!