Scenario:
Will disabling File and Printer Sharing protocol in individual Network Adapter Settings act as a primary defense against Wannacry (SMB/EternalBlue based exploit)?
I was just wondering if this method actually worked for shared file system propagation exploit systems. Can someone confirm/clarify if this work?
Let me post a documented answer to respond the question (or at least mostly).
It is informed in the Microsoft Security detailed report that for those legacy systems without updated Windows Defender, neither the updated patch kb4012598 has been applied yet, there are only two workarounds:
- Disable SMBv1 ...
- Block incoming SMB traffic on port 445 ...
I believe the above answer from MS should answer your question.
PowerShell:
$netBTParametersPath = "HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters"
IF(Test-Path -Path $netBTParametersPath) {
Set-ItemProperty -Path $netBTParametersPath -Name "SMBDeviceEnabled" -Value 0
}
Set-Service lanmanserver -StartupType Disabled
Stop-Service lanmanserver -Force
More details How to disable feature that opened port 445 on windows by PowerShell
