How to disable the feature that opened port 445 on Windows Server?

13

8

I'm trying to disable services that I do not need, to improve latency and improve security.

I found that port 445 is still open by doing telnet on localhost and port 445. As I do not need port 445, I would prefer to close it.

How can I find out who is listening on port 445 and how do I disable it?

Note that I do not want to block port 445 using the firewall or something like that, but want to disable the program that has port 445 open.

javapowered

Posted 2013-08-08T18:46:00.920

Reputation: 773

2 And after 4 years, this question's day has come. – BlackPanda – 2017-05-15T06:08:55.733

1

For non-geek people: BlackPanda is referring to the WannaCry ransomware.

– Gras Double – 2017-06-10T21:57:41.870

Answers

7

The following is just a quotation from two different sources, which I used to successfully disable port 445 on Windows XP machines. I was closing ports 445, 135 and 137-139, so I followed all the instructions in the article and it worked for me.

General information about port 445 (archive link)

Among the new ports used by Windows 2000 is TCP port 445 which is used for SMB over TCP. The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT/2000/XP. In Windows NT it ran on top of NetBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000/XP, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NetBT. For this they use TCP port 445.

At its simplest NetBIOS on your LAN may just be a necessary evil for legacy software. NetBIOS on your WAN or over the Internet, however, is an enormous (read foolish...) security risk. All sorts of information, such as your domain, workgroup and system names, as well as account information is obtainable via NetBIOS. It really is in your best interests to ensure that NetBIOS never leaves your network.

If you are using a multi-homed machine i.e. more than 1 network card, then you should disable NetBIOS on every network card, or Dial-Up Connection under the TCP/IP properties, that is not part of your local network.

How to disable port 445

To disable Port 445:

Add the following registry key:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Name: SMBDeviceEnabled
Type: DWORD (REG_DWORD)
Data: 0

Don’t forget to restart your computer after disabling the above ports for effect. Also, to check that those ports are disabled, you can open a command prompt and type netstat -an to confirm that your computer is no longer listening to those ports.

(the registry keys are different for Windows 7 onwards, see this Microsoft article)

VL-80

Posted 2013-08-08T18:46:00.920

Reputation: 3 867

I tried but it is not working! – AFgone – 2017-05-15T12:21:01.633

Wouldn't disabling port 445 be the same as using a firewall? Fixing a symptom rather than the cause. Instead would disabling just NetBIOS prevent port 445 from opening? Just asking. (If not, maybe the OP really has to disable the port) – nixda – 2013-08-11T14:14:12.393

I was preventing computers in the network from talking to each other using Windows network features. You know Windows network - it is horribly insecure. One computer has a virus and it spreads around (yes, using the ports mentioned above). In my case I do not need those computers even to know about the existence of each other, but I do still need them to be in the same network segment. So, a firewall was not a solution for me. – VL-80 – 2013-08-11T14:19:52.613

I've tried that and it works on Windows Server 2008 R2 SP1 too. – javapowered – 2013-08-11T15:02:08.750

also I've found this useful article http://ssj100.fullsubject.com/t181-how-to-disable-ports-135-137-139-445-windows-xp

– javapowered – 2013-08-11T15:37:20.443

Agree! This article is in my answer (: Second link. – VL-80 – 2013-08-11T15:38:58.073

@Nikolay oops, I spent so much time on this page that I forgot how I found it :) – javapowered – 2013-08-11T15:43:03.330

It is fine! I understand how it is! – VL-80 – 2013-08-11T15:50:13.770

@javapowered Does this mean, you chose to disable the port instead of finding the program which initially opened 445 port? – nixda – 2013-08-11T17:18:16.233

@nixda I believe disabling the port and shutting down the program which opened it will be the same thing here. Port 445 is opened by one of the system components by default. – VL-80 – 2013-08-11T17:22:41.637

10

I would like to extend this answer

Port 445 in Windows is by default used by "Server" service (real name is "lanmanserver") to provide file sharing via SMB protocol. To prevent Windows from listening on this port you need to stop and disable this service.

  1. You need to have Admin rights or be able to elevate to admin.
  2. Open command prompt as Administrator.
  3. Type sc stop lanmanserver, press Enter.
  4. For some reason at this point the port will still be active (from my experience, did this today). You need to reboot the system to prevent it from listening on the port, but the service will restart after reboot, so you need to disable it from starting:
  5. Type sc config lanmanserver start= disabled, press Enter.
  6. Reboot.
  7. Verify in command prompt with netstat -n -a | findstr "LISTENING" | findstr ":445", it should print a blank line, meaning that nothing is listening on the port. (command may vary for non-English versions of Windows, not sure, you may need to change "LISTENING" to a translated variant)

There are various reasons to free port 445 in Windows, one of them is imo quite interesting and it is to allow SMB tunneling through SSH - when Windows does not use the port you now can tell Putty / Cygwin'ed SSH to use it and forward to a remote host via a secure connection - then you can access the remote fileshare securely via \\localhost.

Dmitrii Sutiagin

Posted 2013-08-08T18:46:00.920

Reputation: 211

1

Disabling the Server service may have quite unexpected consequences. On my system, it broke Notepad++ with the Light Explorer plugin installed. Trying to start the program wasn't giving any visible window anymore (though it was running, as observable in the task manager).

– Gras Double – 2017-06-11T01:26:37.070
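A read-only check of what this answer and the registry answer above change, as an added example that is not part of any answer on this page. It reads the listener table through .NET, so it does not depend on the localized "LISTENING" text mentioned in step 7; the function name Get-Port445Status is made up for this example.

```powershell
# Added example: read-only audit, makes no changes to the system.
function Get-Port445Status {
    # "Server" service (lanmanserver): current state and configured start type.
    $svc    = Get-Service -Name lanmanserver -ErrorAction SilentlyContinue
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer'
    $start  = (Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue).Start
    $startType = switch ([int]$start) {
        2       { 'Automatic' }
        3       { 'Manual' }
        4       { 'Disabled' }
        default { 'Unknown' }
    }

    # SMBDeviceEnabled from the registry answer; $null means the value is absent.
    $netbtKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
    $smbDev   = (Get-ItemProperty -Path $netbtKey -ErrorAction SilentlyContinue).SMBDeviceEnabled

    # Active TCP listeners straight from the IP stack (no netstat text parsing).
    $ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $listeners = @($ipProps.GetActiveTcpListeners() | Where-Object { $_.Port -eq 445 })

    New-Object PSObject -Property @{
        ServiceStatus    = $(if ($svc) { [string]$svc.Status } else { 'NotFound' })
        ServiceStartType = $startType
        SMBDeviceEnabled = $(if ($null -eq $smbDev) { 'not set' } else { $smbDev })
        Listening        = ($listeners.Count -gt 0)
        ListenAddresses  = ($listeners | ForEach-Object { $_.Address.ToString() }) -join ', '
    }
}

$status = Get-Port445Status
$status | Format-List
if ($status.Listening) {
    Write-Warning "TCP 445 still has a listener on: $($status.ListenAddresses)"
} else {
    Write-Output 'No listener on TCP 445.'
}
```

Running it before and after the reboot shows whether the port only closes after the restart, as step 4 describes.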

1

Start-run-services.msc, disable Server service.

Damir

Posted 2013-08-08T18:46:00.920

Reputation: 131

2 I did it but I am still able to connect to port 445 on localhost – javapowered – 2013-08-11T13:34:07.760

1

Use TCPView to find out which program is listening on port 445.

If the listener is svchost.exe, this is then a system service. To guess which one, note down its PID, go to Task Manager, tab Services and click on PID to sort by it. There will be several services with this PID, and all of them are candidates. If you cannot decide which one, post the names of the candidate services so we can comment on them.

Please note that an open port does not need to have a listener. A port is called "open" when it is not blocked by the firewall.

harrymc

Posted 2013-08-08T18:46:00.920

Reputation: 306 093

An open port on a firewall is different from an open port on a computer. A port is open if a listener is present and watching that port for traffic. It is closed if no listener exists. A firewall adds another layer that may allow, block (returning a packet indicating that it's closed), or drop (silently ignore) a packet, but that's separate from whether a port is open or closed at the OS. – NetworkLlama – 2019-09-03T19:34:48.067
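The lookup described in this answer (listener, then PID, then the services sharing that PID), as an added example that is not part of the original answer. It assumes Get-NetTCPConnection and Get-CimInstance are available (Windows 8 / Server 2012 or later); the function name Get-PortOwner is made up here. It also flags PID 4 (the System process), which is what Windows reports when the listener belongs to a kernel-mode driver rather than to a service inside svchost.exe.

```powershell
# Added example: map a listening TCP port to its owning process and services.
# Read-only; assumes Windows 8 / Server 2012 or later for the cmdlets used.
function Get-PortOwner {
    param([int]$Port = 445)

    $conns = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
    if (-not $conns) { return }   # nothing is listening on this port

    foreach ($procId in ($conns.OwningProcess | Sort-Object -Unique)) {
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue

        # Services hosted in this process. Several services can share one
        # svchost.exe, so every name returned here is a candidate.
        $services = @(Get-CimInstance -ClassName Win32_Service -Filter "ProcessId=$procId" |
                      Select-Object -ExpandProperty Name)

        # Addresses this process listens on (0.0.0.0 / :: means all interfaces).
        $addresses = @($conns | Where-Object { $_.OwningProcess -eq $procId } |
                       ForEach-Object { $_.LocalAddress })

        [pscustomobject]@{
            Port         = $Port
            ProcessId    = $procId
            ProcessName  = $proc.ProcessName
            KernelOwned  = ($procId -eq 4)   # PID 4 = System: no service list applies
            Services     = $services -join ', '
            LocalAddress = $addresses -join ', '
        }
    }
}

$owners = @(Get-PortOwner -Port 445)
if ($owners.Count -eq 0) {
    Write-Output 'Nothing is listening on TCP 445.'
} else {
    $owners | Format-List
}
```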

0

PowerShell:

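# Turn off the SMB device (port 445) in the NetBT parameters, if the key exists
$netBTParametersPath = "HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters"
if (Test-Path -Path $netBTParametersPath) {
    Set-ItemProperty -Path $netBTParametersPath -Name "SMBDeviceEnabled" -Value 0
}
# Keep the Server service from starting at boot, then stop it now
Set-Service lanmanserver -StartupType Disabled
Stop-Service lanmanserver -Force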

More details: How to disable feature that opened port 445 on windows by PowerShell

frank

Posted 2013-08-08T18:46:00.920

Reputation: 906

Please do not post the same answer to multiple questions. If the same information really answers both questions, then one question (usually the newer one) should be closed as a duplicate of the other. You can indicate this by voting to close it as a duplicate or, if you don't have enough reputation for that, raise a flag to indicate that it's a duplicate. Otherwise tailor your answer to this question and don't just paste the same answer in multiple places.

– DavidPostill – 2017-05-18T07:51:15.873

0

Port 445 = SMB = Printer and File Sharing. So disable the file sharing in the network connection options to close the port.

magicandre1981

Posted 2013-08-08T18:46:00.920

Reputation: 86 560

2 I've disabled Printer and File sharing but the port is still open. – javapowered – 2013-08-08T18:53:23.203

According to this list: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers 445 is also used for Active Directory. Do you host this?

– magicandre1981 – 2013-08-08T18:55:23.793

1 No, I do not need anything and I want to disable everything, I'm using the server for trading. – javapowered – 2013-08-08T19:24:07.710