Use this tried and tested one to disable TCP port 445 in Windows 10 or 11.
Run Command Prompt as Administrator
Type following two commands
sc stop lanmanserver
sc config lanmanserver start=disabled
Reboot system
To check whether port 445 is listening by the system or not, if you get an empty result then you successfully blocked it.
netstat -n -a | findstr "LISTENING" | findstr ":445"
Of course, the above method should be used if you don’t require the port at all. Whereas if you require it sometimes, then alternatively, you can use your firewall to safeguard it. To accomplish this, configure them so that no outbound traffic is permitted through the open port. Although all services remain operational, however, accidentally entered malware would be unable to connect to the Internet or other computers.
1. Open Windows Defender Firewall with Advanced Security.
2. Select Inbound or Outbound Rules as per your requirement from the left side panel.
3. Find “File and Printer Sharing (SMB-In)” Private and Domain. Double click on them and then select “Block the connection”.
4. Now, right-click on these two rules and enable them.
How To Determine whether TCP port 445 is open or closed
After restarting your computer, launch the command prompt and enter ‘netstat -an‘. It will display a list of all open TCP ports. Make certain that ports 445 are not on this list. To confirm this, we can further utilize Avast Internet Security’s Wi-Fi inspector as an SMB vulnerability scanner and discovered that the port had been appropriately closed after following the tutorial above.
Ending Thoughts:
You have successfully limited the SMB server and port 445 in Windows 10 or 11, preventing harmful and ransomware assaults. Most importantly, your computer is no longer accessible via TCP port 445, which means the data on your hard drive is safe from unauthorized access. However, no tutorial can ensure complete security., thus, we also urge that you use a good antivirus program that is not free.
There is a widespread notion that an open port is hazardous. This is largely due to a lack of knowledge about how open ports work, why they are open, and which ones should not be open.
To interact across the Internet, open ports are required. An open port, on the other hand, can be problematic if the service listening on it is misconfigured, unpatched, exposed to exploits, or has low network security standards.
Vulnerable ports, such as the one used by the SMB protocol, are the most dangerous open ports, and they are enabled by default in some operating systems.