18

I'm trying to disable services that I do not need, to improve latency and improve security.

I found that port 445 is still open by doing telnet on localhost and port 445. As I do not need port 445, I would prefer to close it.

How can I find out who is listening on port 445 and how do I disable it?

Note that I do not want to block port 445 using the firewall or something like that, but want to disable the program that has port 445 open.

harrymc
  • 498,455

6 Answers

19

I would like to extend this answer

Port 445 in Windows is by default used by the "Server" service (real name is "lanmanserver") to provide file sharing via the SMB protocol. To prevent Windows from listening on this port, you need to stop and disable this service.

  1. You need to have Admin rights or be able to elevate to admin.
  2. Open command prompt as Administrator.
  3. Type sc stop lanmanserver, press Enter.
  4. For some reason at this point the port will still be active (from my experience, did this today). You need to reboot the system to prevent it from listening on the port, but the service will restart after reboot, so you need to disable it from starting:
  5. Type sc config lanmanserver start= disabled, press Enter.
  6. Reboot.
  7. Verify in command prompt with netstat -n -a | findstr "LISTENING" | findstr ":445", it should print a blank line, meaning that nothing is listening on the port. (command may vary for non-English versions of Windows, not sure, you may need to change "LISTENING" to a translated variant)

There are various reasons to free port 445 in Windows. One of them is, imo, quite interesting: it allows SMB tunneling through SSH. When Windows does not use the port, you can tell PuTTY / Cygwin'ed SSH to use it and forward to a remote host via a secure connection; then you can access the remote file share securely via \\localhost.

7

The following is just a quotation from two different sources which I used to successfully disable port 445 on Windows XP machines. I was closing ports 445 and 135, 137 - 139, so I followed all the instructions in the article and it worked for me.

General information about port 445 (archive link)

Among the new ports used by Windows 2000 is TCP port 445 which is used for SMB over TCP. The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT/2000/XP. In Windows NT it ran on top of NetBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000/XP, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NetBT. For this they use TCP port 445.

At its simplest NetBIOS on your LAN may just be a necessary evil for legacy software. NetBIOS on your WAN or over the Internet, however, is an enormous (read foolish...) security risk. All sorts of information, such as your domain, workgroup and system names, as well as account information is obtainable via NetBIOS. It really is in your best interests to ensure that NetBIOS never leaves your network.

If you are using a multi-homed machine i.e. more than 1 network card, then you should disable NetBIOS on every network card, or Dial-Up Connection under the TCP/IP properties, that is not part of your local network.

How to disable port 445

To disable Port 445:

Add the following registry key:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Name: SMBDeviceEnabled
Type: DWORD (REG_DWORD)
Data: 0

Don’t forget to restart your computer after disabling the above ports for effect. Also, to check that those ports are disabled, you can open a command prompt and type netstat -an to confirm that your computer is no longer listening to those ports.

(the registry keys are different for Windows 7 onwards, see this Microsoft article)

Gras Double
  • 1,140
  • 1
  • 14
  • 21
VL-80
  • 4,693
1

Start-run-services.msc, disable Server service.

Damir
  • 151
1

Use TCPView to find out which program is listening on port 445.

If the listener is svchost.exe, this is then a system service. To guess which one, note down its PID, go to Task Manager, tab Services and click on PID to sort by it. There will be several services with this PID, and all of them are candidates. If you cannot decide which one, post the names of the candidate services so we can comment on them.

Please note that an open port does not need to have a listener. A port is called "open" when it is not blocked by the firewall.

harrymc
  • 498,455
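
A read-only check of what the answers above describe (who owns the TCP 445 listener, which services share that process, and the state of the Server service and the SMBDeviceEnabled value), as an added example that is not part of any original answer. It assumes Windows 8 / Server 2012 or later, where Get-NetTCPConnection is available; the function name Get-PortListenerReport is hypothetical.

```powershell
# Added example (not from the original answers). Reads state only; changes nothing.
function Get-PortListenerReport {
    param([int]$Port = 445)

    # All TCP sockets in the LISTEN state on the given local port
    $listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue

    foreach ($l in $listeners) {
        $ownerId = $l.OwningProcess
        $proc    = Get-Process -Id $ownerId -ErrorAction SilentlyContinue

        # Services hosted in the owning process (several may share one svchost.exe).
        # For port 445 the owner is typically PID 4 (System): the listener belongs to
        # the kernel SMB server driver, so no service name is returned here.
        $services = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $ownerId" |
            Select-Object -ExpandProperty Name

        [pscustomobject]@{
            LocalAddress = $l.LocalAddress
            LocalPort    = $l.LocalPort
            OwnerPid     = $ownerId
            Process      = $proc.ProcessName
            Services     = ($services -join ', ')
        }
    }
}

$report = @(Get-PortListenerReport -Port 445)
if ($report.Count -eq 0) {
    'Nothing is listening on TCP 445.'
} else {
    $report | Format-Table -AutoSize
}

# State of the Server service (lanmanserver) that the answers stop and disable
Get-CimInstance -ClassName Win32_Service -Filter "Name = 'LanmanServer'" |
    Select-Object Name, State, StartMode

# Registry value quoted in the answers; empty output means the value is not set
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
Get-ItemProperty -Path $regPath -Name SMBDeviceEnabled -ErrorAction SilentlyContinue |
    Select-Object SMBDeviceEnabled
```

Running it before and after the reboot shows whether the listener is really gone rather than only the service being marked Stopped.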
0

PowerShell:

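```powershell
# Set SMBDeviceEnabled = 0 (REG_DWORD) under the NetBT parameters key
$netBTParametersPath = "HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters"
if (Test-Path -Path $netBTParametersPath) {
    Set-ItemProperty -Path $netBTParametersPath -Name "SMBDeviceEnabled" -Value 0 -Type DWord
}
# Keep the Server service from starting at boot, then stop the running instance
Set-Service lanmanserver -StartupType Disabled
Stop-Service lanmanserver -Force
```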

More details: How to disable feature that opened port 445 on windows by PowerShell

frank
  • 1,874
0

Port 445 = SMB = Printer and File Sharing. So disable the file sharing in the network connection options to close the port.