<div>
With the increased ransomware attacks and due to most recent WannaCry ransomware hiccup, Microsoft has recommended users to disable the outdated SMBv1 protocol from their systems. As SMBv1 is much older technology so it is highly vulnerable and can be easily used by ransomware attackers to target the victim machines. However, Microsoft also recommends that you do not leave SMBv2, SMBv3 disabled, otherwise it will break functionality of your Windows.<br />
<br />
<a href="https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/" rel="ugc">HERE </a>you can see thousands of reasons why it's not recommendet to use SMBv1 in Win10.
</div>


<div>
Thanks Cliff. Could you recommend a good method when the time comes to remove SMB1? Would Powershell be the way to go?
</div>


<div>
You can disable SMBv1 using PS or via Turn Windows Features On or Off
</div>


<div>
Right on. I'll research which machines still have it and remove it.
</div>


<div>
<blockquote>
Among the new ports used by Windows 2000 is TCP port 445 which is used for SMB over TCP. The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT/2000/XP. In Windows NT it ran on top of NetBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000/XP, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NetBT. For this they use TCP port 445.
</blockquote>
</div>


<div>
@McKnife: Given the OP asked about security though, I chose to answer that question in that context. &nbsp;Even if *no* devices on the network use SMB1, as long as it is on the client and the client uses SMB2/3, it can be exploited with zero ports open. &nbsp;The client can attempt to establish an SMB2/3 connection to a server/printer/whatever, and someone can easily exploit a MitM attack, causing the client to renegotiate down to SMB1, and then intercept/edit/sniff the payload because the original connection was outbound, bypassing any firewall blocked ports.<br />
<br />
There are several demonstrated and known exploits that use such methodology, and the nature of SMB negotiation and the presence of SMB1 makes them impossible to stop/circumvent as long as SMB1 is present. &nbsp;The mitigation for such attacks is the removal of SMB1.<br />
<br />
-Cliff
</div>


<div>
A worthwhile read (including auditing info if you want to be cautious)<br />
<br />
<a href="https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/" rel="ugc">https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/</a>
</div>


<div>
Cliff, please distinguish between incoming an outgoing connections. There is an SMB/CIFS client and SMB/CIFS server component.<br />
I am not going on, I am tired of it. Writing what you wrote to me (to my mind) assumes that I am some kind of loser, IT security wise, which I am not, and you should really know that by now.<br />
<br />
My comment was made to make the author aware how things work. &quot;Who is being a server component&quot;, to start with?<br />
Please don't reply, I am sick of it.
</div>


<div>
I would write a PM, but I think saying this publicly is important for others as well, to avoid any misunderstanding in the future.<br />
<br />
I wasn't assuming or even implying that you are an IT security loser, or any other kind of loser. &nbsp; Your comment was very short, and could be easily misinterpreted. I know I had that thought when I read it, and I *know* what you meant, and your skillset. &nbsp;For an OP, that could be even harder. &quot;Did he just say it is no big deal?&quot; &nbsp;It's a fair think to wonder. &nbsp;For the sake of the OP, I wanted to clarify. It was not a sleight against you *at all.* &nbsp;<br />
<br />
We've all been there. I know what I know, and sometimes I make assumptions when I write because I don't think someone may not have that knowledge. &nbsp;But sometimes my assumptions are wrong and when someone points it out, it's that &quot;Oh YEAAAHHHH&quot; moment. I don't feel like a loser, or that my comment was even wrong. It was just incomplete because it skipped over some knowledge needed to make an informed decision. &nbsp;Peer review in forums is not uncommon and helps get the OP the best answer possible. That was my intent. Nothing more.
</div>


<div>
Ideally SMBv1 is not used or necessary then disable it or remove it. Ransomware exploited that especially it startes off with WannaCry that mitigation taken is disable smbv1 when patch is rolling out. Risk assessment has to be done and if any case it is not disbale or remove, risk acceptance is required by owner. It is an informed decision.<br />
<br />
Legacy system may need SMBv1
<blockquote>
Be careful when making these changes on domain controllers where legacy Windows XP or older Linux and 3rd party systems (that do not support SMBv2 or SMBv3) require access to SYSVOL or other file shares where SMB v1 is being disabled.<br />

</blockquote>
<a href="https://support.microsoft.com/en-sg/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and" rel="ugc">https://support.microsoft.com/en-sg/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and</a>
</div>


<div>
<div class="content wysiwyg-content">
I have been researching removing SMB1 from our Windows 10 Pro x64 computers that still have it and I was wondering the side effects that you have experienced in doing this. I have read that some people have experienced missing drives and other issues doing this. Is it even worth doing as a security stand point? Thanks
</div>
</div>


I have been researching removing SMB1 from our Windows 10 Pro x64 computers that still have it and I was wondering the side effects that you have experienced in doing this. I have read that some people have experienced missing drives and other issues doing this. Is it even worth doing as a security stand point? Thanks

Removing SMB1 From Windows 10 Pro x64

Windows 10 is a personal computer operating system featuring the "universal application architecture" (UAP); apps can be designed to run across multiple devices with nearly identical code, including PCs, tablets, smartphones, embedded systems, Xbox One, Surface Hub and HoloLens. Windows 10 also includes a virtual desktop system, a window and desktop management feature called Task View, the Microsoft Edge web browser, support for fingerprint and face recognition login, voice-based search (Cortana), new security features for enterprise environments, and DirectX 12 and WDDM 2.0 to improve the operating system's graphics capabilities for games.

Windows 10

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.