Page 1 of 3 123 LastLast
Results 1 to 15 of 40
  1. #1
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Hot Springs, Arkansas
    Posts
    347
    Thanks
    291
    Thanked 5 Times in 3 Posts

    Disabling SMBv1 to Prevent WannaCry?

    I read in an article in addition to installing Windows security patches and running a good firewall, disabling SMBv1 is another way to prevent against WannaCry. Should I do this, or should I just leave it enabled since my system is patched and I have firewall protection?

    Thanks!
    Nathan Parker
    President/CEO
    Mallard Computer, Inc.

  2. #2
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,873
    Thanks
    358
    Thanked 629 Times in 526 Posts
    Your choice, it was the alternative/workaround suggested by MS when they released the original patch a month or two ago.

  3. The Following User Says Thank You to satrow For This Useful Post:

    Nathan Parker (2017-05-19)

  4. #3
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    24,151
    Thanks
    5
    Thanked 1,173 Times in 1,026 Posts
    Disabling SMBv1 is probably a good idea anyway. There is a v3 which most people use these days.
    Joe

  5. The Following User Says Thank You to JoeP517 For This Useful Post:

    Nathan Parker (2017-05-19)

  6. #4
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,865
    Thanks
    416
    Thanked 1,576 Times in 1,427 Posts
    Hey Y'all,

    If you want to do this you can use an Admin Level PowerShell session and issue the command:

    Disable-WindowsOptionalFeature -Online -Featurename SMB1Protocol

    Sample Run:
    Code:
    PS> Disable-WindowsOptionalFeature -Online -Featurename SMB1Protocol
    Do you want to restart the computer to complete this operation now?
    [Y] Yes  [N] No  [?] Help (default is "Y"): n
    
    
    Path          :
    Online        : True
    RestartNeeded : True
    I selected No so I could copy out the result. It will take effect on the next reboot.

    Confirmation after reboot:
    SMBv1Off.JPG

    You can renable with the command:
    Enable-WindowsOptionalFeature -Online -Featurename SMB1Protocol -All

    HTH
    Last edited by RetiredGeek; 2017-05-18 at 15:28. Reason: To add confirmation after reboot
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  7. The Following User Says Thank You to RetiredGeek For This Useful Post:

    Nathan Parker (2017-05-19)

  8. #5
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,865
    Thanks
    416
    Thanked 1,576 Times in 1,427 Posts
    Hey Y'all,

    While messing with this I came up with a PowerShell routine that can be used to check the installation status of any Windows Optional Feature.

    Zip File: Get-WindowsOptionalFeatureStatus.zip

    Code:
    #Check Status of Windows Optional Features.
    
    Param (
       [Parameter(Mandatory=$True)]
         [String] $Feature)
     
     $WmiArgs = @{query = "select * from Win32_OptionalFeature " +
                          "where name = '$Feature'"}
     $SMB1Status = (& {Switch ((Get-WmiObject @WmiArgs).InstallState) {
                        1 {"Enabled"}
                        2 {"Disabled"}
                        3 {"Absent"}
                        4 {"Unknown"}
                       }})
    
     $SMB1Status
    Usage: .\Get-WindowsOptionalFeatureStatus.ps1 -Feature "FeatureName"

    Example: PS> .\Get-WindowsOptionalFeatureStatus.ps1 -Feature "SMB1Protocol"

    Note: Feature Names are CASE SENSITIVE!
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  9. The Following User Says Thank You to RetiredGeek For This Useful Post:

    Nathan Parker (2017-05-19)

  10. #6
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    3,004
    Thanks
    136
    Thanked 804 Times in 643 Posts
    As RG says, the OptionalFeature names are case-sensitive... and not always obvious.

    For example, XPS Viewer's name is Xps-Foundation-Xps-Viewer but XPS Services is Printing-XPSServices-Features, i.e. XPS in upper case.

    I used the following (piped to a text file) to generate an OptionalFeature list that shows the names plus their enabled/disabled status:

    Code:
    Get-WindowsOptionalFeature -Online
    Hope this helps...

  11. The Following 3 Users Say Thank You to Rick Corbett For This Useful Post:

    Nathan Parker (2017-05-19),RetiredGeek (2017-05-19),wavy (2017-05-19)

  12. #7
    4 Star Lounger
    Join Date
    Aug 2011
    Location
    South Africa
    Posts
    558
    Thanks
    60
    Thanked 0 Times in 0 Posts
    I have disabled SMBv1 and noticed that my Thunderbird mail has slowed right down.
    Why would this be, and how could i speed it up again?
    Thanks.

  13. #8
    4 Star Lounger
    Join Date
    Aug 2011
    Location
    South Africa
    Posts
    558
    Thanks
    60
    Thanked 0 Times in 0 Posts
    Thunderbird mail seems fine again.

  14. #9
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,865
    Thanks
    416
    Thanked 1,576 Times in 1,427 Posts
    Hey Y'all,

    Since disabling SMBv1 I've noticed a decided decrease in the time to access my WD NAS the first time after a reboot.
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  15. The Following User Says Thank You to RetiredGeek For This Useful Post:

    Nathan Parker (2017-05-19)

  16. #10
    Gold Lounger wavy's Avatar
    Join Date
    Dec 2009
    Location
    ny
    Posts
    2,531
    Thanks
    269
    Thanked 165 Times in 154 Posts
    I will likely disable it but after I get Samba on my RaspberryPI playing nicely. I am wondering why MS left it enabled by default.

    David

    Just because you don't know where you are going doesn't mean any road will get you there.

  17. #11
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Hot Springs, Arkansas
    Posts
    347
    Thanks
    291
    Thanked 5 Times in 3 Posts
    When I try to launch PowerShell with Admin privileges (or any program with Admin privileges) at the moment, I cannot get the UAC dialog to appear. Should I try rebooting my computer to see what happens?

    Is there another way to disable this without PowerShell?
    Nathan Parker
    President/CEO
    Mallard Computer, Inc.

  18. #12
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    3,004
    Thanks
    136
    Thanked 804 Times in 643 Posts
    Quote Originally Posted by Nathan Parker
    When I try to launch PowerShell with Admin privileges (or any program with Admin privileges) at the moment, I cannot get the UAC dialog to appear. Should I try rebooting my computer to see what happens?
    Yes, why not?

    Quote Originally Posted by Nathan Parker
    Is there another way to disable this without PowerShell?
    1. Right-click on Start and choose Run.
    2. Copy/paste explorer shell:::{7b81be6a-ce2b-4676-a29e-eb907a5126c5} into the text box and press Return/Enter.
    3. When the Programs and Features window opens, click on the Turn Windows features on or off link in the left-hand pane.
    4. When the Windows Features list populates (it's usually quite slow the first time this is done), scroll down to SMB 1.0/CIFS File Sharing Support, remove the tick from the checkbox and click on the OK button.

    Once the changes have been applied you will need to reboot for them to take effect.

    Hope this helps...

  19. The Following 2 Users Say Thank You to Rick Corbett For This Useful Post:

    Nathan Parker (2017-05-19),Trev (2017-05-22)

  20. #13
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Hot Springs, Arkansas
    Posts
    347
    Thanks
    291
    Thanked 5 Times in 3 Posts
    Got this disabled. Thanks again!
    Nathan Parker
    President/CEO
    Mallard Computer, Inc.

  21. #14
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    3,004
    Thanks
    136
    Thanked 804 Times in 643 Posts
    If you continue to have problems with the UAC prompt not displaying, try this:

    1. In the Cortana search box, type UAC.
    2. Click on Change User Account Control settings when it appears in the Search results.

    cortana-uac.png

    3. The default position for the slider is one notch down from the top.

    uac-default.png
    Click to enlarge

    4. Move the slider to the bottom Never notify notch then click on the OK button. (Click on Yes if you get a UAC prompt.)

    5. Re-do steps 1 and 2 but leave the slider at the default position. Click on Yes if you get a UAC prompt.

    Let us know whether this worked to restore the UAC prompts.

    Hope this helps...

  22. The Following User Says Thank You to Rick Corbett For This Useful Post:

    Nathan Parker (2017-05-20)

  23. #15
    5 Star Lounger
    Join Date
    Mar 2011
    Posts
    867
    Thanks
    17
    Thanked 70 Times in 64 Posts
    The WannaCry scare was very interesting (it must have been, to get me out of hibernation). It was scary enough to scare me, anyway. One concrete thing that came out of it in my own case is that I now have a Linux key on my key chain something that anyone in the computer business who deals with the public might find a dandy promotional giveaway if they can be produced cheaply enough.

    One advertisement caught my eye:
    Kaspersky Lab stops WannaCry and other forms of ransomware.

    This was interesting. For one thing, Kaspersky had been installed on my own computers (other than Win 10) before the fact and had been in effect throughout the scare it was only after the uproar that I saw this. The claim seems reasonable, given that Kaspersky helped the Dutch police solve a case involving ransomware two years ago. MS is applying discrete patches for known exploits, but all it would take is an unknown exploit to make things very nasty. If Kaspersky has an algorithm to detect ransomware-like activity that sounds good, and in my own case, my licence will cover my Win 10 computer, on which I intend to install it.

  24. The Following User Says Thank You to dogberry For This Useful Post:

    Nathan Parker (2017-05-20)

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •