The WannaCry ransomware halted thousands of computers around the world in the spring of 2017. The infection spread mostly over TCP port 445. Users need access to this port only in very rare circumstances, yet the computer is always listening on it. Here we look at what port 445 is needed for and why it should be closed if it is not required.
TCP port 445 is used for direct TCP/IP MS Networking access that does not require the use of a NetBIOS layer. This service is available in Windows, beginning with Windows 2000 and Windows XP. In Windows NT/2K/XP, the SMB (Server Message Block) protocol is used for file sharing, among other things. It ran on top of NetBT (NetBIOS over TCP/IP, ports 137, 139, and 138/UDP) in Windows NT. Microsoft enabled the ability to execute SMB directly over TCP/IP without the extra layer of NetBT in Windows 2000/XP. TCP port 445 is used for this.
SMB (Server Message Block) can also carry transaction protocols for authenticated inter-process communication. Newer versions of SMB (after Windows 2000) use port 445 on top of a TCP stack, which allows SMB to work over the Internet. This also means that you can use IP addresses for SMB-like file sharing.
Server Message Block (SMB) is a data fabric and network file sharing protocol. SMB is utilized by billions of devices across multiple operating systems, including Windows, macOS, iOS, Linux, and Android. SMB is used by clients to access data on servers. This enables file sharing, centralized data management, and reduced storage requirements for mobile devices. It is also used by servers in the Software-defined Data Center for tasks like clustering and replication.
Depending on the application, traffic on TCP port 445 follows a predefined protocol. A protocol is a collection of codified rules that describe how data is transmitted across a network. Think of it as the language computers use to converse more efficiently.
Port 445 uses the Transmission Control Protocol (TCP). TCP is one of the most common protocols used in TCP/IP networks. TCP guarantees that data sent to port 445 is delivered, and that packets arrive in the same sequence in which they were transmitted.
WannaCry targeted legacy Windows machines running an out-of-date version of the SMB protocol. It is a network worm with a transport mechanism that allows it to spread autonomously.
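To make the "SMB directly over TCP" framing and the old-versus-new protocol distinction concrete, here is an added example (not part of the original article) that splits a port 445 byte stream into messages and labels each one by its 4-byte protocol identifier. It goes slightly beyond the text by also recognizing the SMB3 encrypted header; the function names and the sample bytes are constructed for illustration.

```python
# Added example: identify the SMB generation of messages seen on TCP 445.
SMB_FAMILIES = {
    b"\xffSMB": "SMB1",            # legacy SMB/CIFS header
    b"\xfeSMB": "SMB2/3",          # SMB 2.x and 3.x header
    b"\xfdSMB": "SMB3-encrypted",  # SMB3 transform (encrypted) header
}


def split_direct_tcp(stream: bytes):
    """Split a port-445 byte stream into SMB messages.

    Direct TCP hosting (no NetBT layer) puts a 4-byte header before each
    message: one zero byte, then a 3-byte big-endian length.
    Returns (complete_messages, leftover_bytes).
    """
    messages, offset = [], 0
    while len(stream) - offset >= 4:
        if stream[offset] != 0:
            raise ValueError("not Direct TCP framing (first byte must be 0)")
        length = int.from_bytes(stream[offset + 1:offset + 4], "big")
        end = offset + 4 + length
        if end > len(stream):
            break  # message still incomplete, wait for more data
        messages.append(stream[offset + 4:end])
        offset = end
    return messages, stream[offset:]


def families_seen(stream: bytes):
    """Return the protocol family of every complete message in the stream."""
    messages, _ = split_direct_tcp(stream)
    return [SMB_FAMILIES.get(m[:4], "unknown") for m in messages]


def frame(message: bytes) -> bytes:
    """Helper for the constructed samples: prepend the Direct TCP header."""
    return b"\x00" + len(message).to_bytes(3, "big") + message


# Constructed samples (header-only messages, not captured traffic).
SMB1_MSG = b"\xffSMB" + b"\x72" + bytes(27)                     # 32-byte SMB1 header
SMB2_MSG = b"\xfeSMB" + (64).to_bytes(2, "little") + bytes(58)  # 64-byte SMB2 header
SAMPLE_STREAM = frame(SMB1_MSG) + frame(SMB2_MSG) + b"\x00\x00\x00"  # partial tail

if __name__ == "__main__":
    print(families_seen(SAMPLE_STREAM))
```

When using this to look for legacy SMB on a network, judge by the server's reply rather than the client's first negotiate request, because a client may open with an SMB1-format negotiate and still settle on SMB2 or later.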
What do I need TCP port 445 for?
TCP 445 is an important port because it is used by default for all SMB communication. While port 139 is formally known as “NBT over IP,” port 445 is the equivalent for SMB (“Server Message Block”), i.e., “SMB over IP.” SMB is frequently referred to as the “Common Internet File System.”
Windows uses it for various functions since SMB serves as the network protocol at the application level. It is in charge of, among other things, shared printer access, Microsoft DS file sharing, and other sorts of network connection (including, for example, NetBIOS). For the most part, however, it is older programs that require this interface.
Why should port 445 be disabled to ensure safety?
For direct TCP/IP MS networking connectivity, Microsoft Windows 10 uses port 445. It does not require the NetBIOS layer. Port 445 is associated with SMB (Server Message Block), an application layer network protocol that is mostly used for file sharing, printer sharing, and serial port sharing. According to security researchers, port 445 is vulnerable to attacks and should be deactivated.
There are several claims on the Internet and at Microsoft that port 445 has severe flaws and is thus vulnerable to hacking attacks. Malicious software can also infiltrate it, hence it is normally advised to deactivate it. However, doing so will also prevent file and printer sharing, so you may need to allow the port in the internal firewall to use such sharing services.
Disable TCP port 445 in Windows 7/10 or 11
Use this tried and tested method to disable TCP port 445 in Windows 10 or 11.
Run Command Prompt as Administrator
Type the following two commands:
sc stop lanmanserver
sc config lanmanserver start= disabled
To check whether the system is still listening on port 445, run the command below. If you get an empty result, then you have successfully blocked it.
netstat -n -a | findstr "LISTENING" | findstr ":445"
Of course, the above method should be used only if you don’t require the port at all. If you require it sometimes, you can instead use your firewall to safeguard it. To accomplish this, configure it so that no outbound traffic is permitted through the open port. All services remain operational, but malware that has accidentally entered would be unable to connect to the Internet or other computers.
1. Open Windows Defender Firewall with Advanced Security.
2. Select Inbound or Outbound Rules as per your requirement from the left side panel.
3. Find the “File and Printer Sharing (SMB-In)” rules for the Private and Domain profiles. Double-click each of them and then select “Block the connection”.
4. Now, right-click on these two rules and enable them.
How to determine whether TCP port 445 is open or closed
After restarting your computer, launch the command prompt and enter ‘netstat -an‘. It will display a list of all open TCP ports. Make certain that port 445 is not on this list. To confirm this, we further used Avast Internet Security’s Wi-Fi Inspector as an SMB vulnerability scanner and found that the port had been properly closed after following the tutorial above.
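Both netstat checks above rely on reading or text-filtering the output, and a plain substring filter for ":445" also matches unrelated listeners such as port 44512. The following added example (not from the original article) parses netstat output and matches the local port exactly; it assumes English-language netstat output, and the sample text is constructed for illustration.

```python
# Added example: exact-match check for SMB listeners in `netstat -an` output.
# Constructed sample output, English-language Windows assumed.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:44512          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:50211     203.0.113.7:445        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
"""


def naive_findstr(output: str):
    """Mimic: findstr "LISTENING" | findstr ":445" (substring match)."""
    return [line for line in output.splitlines()
            if "LISTENING" in line and ":445" in line]


def listeners(output: str, ports=(445,)):
    """Return (local_address, port) for TCP sockets listening on `ports`."""
    found = []
    for line in output.splitlines():
        parts = line.split()
        # Data rows look like: TCP <local> <foreign> LISTENING
        if len(parts) != 4 or parts[0] != "TCP" or parts[3] != "LISTENING":
            continue
        # rpartition keeps IPv6 literals such as [::] intact
        host, _, port = parts[1].rpartition(":")
        if port.isdigit() and int(port) in ports:
            found.append((host, int(port)))
    return found


def port_445_closed(output: str) -> bool:
    """True when nothing is listening on TCP 445 on any address."""
    return not listeners(output, ports=(445,))


if __name__ == "__main__":
    print("substring matches:", len(naive_findstr(SAMPLE_NETSTAT)))
    print("exact listeners:  ", listeners(SAMPLE_NETSTAT))
    print("port 445 closed:  ", port_445_closed(SAMPLE_NETSTAT))
```

On a live machine, feed it the text captured from ‘netstat -an‘; passing ports=(139, 445) also reports the NetBT listener on port 139.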
You have successfully limited the SMB server and port 445 in Windows 10 or 11, preventing malware and ransomware attacks. Most importantly, your computer is no longer accessible via TCP port 445, which means the data on your hard drive is safe from unauthorized access. However, no tutorial can ensure complete security, so we also urge that you use a good antivirus program that is not free.
There is a widespread notion that an open port is hazardous. This is largely due to a lack of knowledge about how open ports work, why they are open, and which ones should not be open.
To interact across the Internet, open ports are required. An open port, on the other hand, can be problematic if the service listening on it is misconfigured, unpatched, exposed to exploits, or has low network security standards.
Vulnerable ports, such as the one used by the SMB protocol, are the most dangerous open ports, and they are enabled by default in some operating systems.