Recent ransomware attacks, including WannaCry and Petya, both wreaked havoc on hundreds of thousands of PCs around the globe, taking advantage of a flaw found in the old SMBv1, which still comes enabled by default on Windows 10.
SMB is a network file sharing protocol that Windows 10 uses to allow apps to read and write to files, as well as to perform services requests for another device on the network. There are three versions of SMB, but version 1 is the only one affected; versions 2 and 3 are not vulnerable.
If your computer is not running applications that require the use of this protocol, it's recommended to disable SMBv1 completely to prevent future malicious attacks that could use this vulnerability.
In this Windows 10 guide, we walk you through the steps to disable the SMBv1 protocol to make your device less vulnerable to attacks.
How to disable SMBv1 protocol on Windows 10
To disable the vulnerable protocol on Windows 10, follow these steps:
Note: Before proceeding, make sure to save all your work and close any running applications.
- Open Start.
- Type Turn Windows features on or off and click the result.
- Clear the SMB 1.0/CIFS File Sharing Support option.
- Click OK.
- Click Restart now.
Once you've completed the steps and your machine reboots, SMBv1 will no longer present a threat to your system.
Microsoft is expected to remove this protocol with the Windows 10 Fall Creators Update, but in the meantime, you can use these steps to prevent your device from getting compromised.
You can also follow our other recommendations to keep your Windows 10 device even protected against malware.
While this guide is focused on Windows 10, you can also use these steps to disable SMBv1 on Windows 8.1, Windows 7, and older versions of the OS, which aren't likely to get an update that removes the three-decade-old protocol.
More Windows 10 resources
For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:
- Windows 10 on Windows Central – All you need to know
- Windows 10 help, tips, and tricks
- Windows 10 forums on Windows Central
Mauro Huculak is technical writer for WindowsCentral.com. His primary focus is to write comprehensive how-tos to help users get the most out of Windows 10 and its many related technologies. He has an IT background with professional certifications from Microsoft, Cisco, and CompTIA, and he's a recognized member of the Microsoft MVP community.
Here is a doc that tells you how to disable all versions of smb in most versions of Windows. It is NOT recommended to disable versions 2 and 3. Also disabling smb v1 on windows server 2k3 and xp breaks alot (including access to obtain gpos in a domain environment!) since it cant use the higher versions of smb. https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disab...
If anyone is using XP they are vulnerable to other unpatched security flaws. No one in their right mind should be using XP as windows 7 is way, way better.
Obviously but a lot of companies have legacy apps that they can't migrate off of those old boxes so they have to account for them. On the consumer side I completely agree with you but corporate and enterprise don't always have that luxury.
I don't even see this SMBv1 Protocol in the list of features (Dutch W10-version)
I read one of the Hub posts about the insider previews stating that if you clean install Windows 10 fall update builds, the option to enable SMBv1 won't even appear as a Windows feature. I think the instructions in this article only apply to folk who upgraded from the creators update, which will admittedly be most people when it launches. Edit: found it here - https://blogs.windows.com/windowsexperience/2017/06/21/announcing-window..., in the notes for build 16226 in June. Under "Improvements for IT Pros". If you clean installed any of the insider builds it's unlikely you'll even see it there, and it'll be unable to be re-enabled.
How would I know if I have something that requires it?
If you turn it iff and then something doesn't work that would be a good sign it is required for your apps.
Thank you again Mauro for the handy article :).
Something to remember is that most, if not all Networked Printers still run on SMBv1 (for compatibility with older and other OSes.)
Lots of other devices that "support" Windows SMB run on SMBv1, especially "appliances" like routers (for sharing USB drives) and networkable USB drives and even some NAS systems.
Don't even get me started on Internet of Things devices........
NOTE: It doesn't affect the printing (that runs on LPT standards) but I'm talking about storage in the printer which many like Konica, HP, Cannon, etc. support.
Get the best of Windows Central in in your inbox, every day!
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.