
Enable SMB v1.0 protocol. Counting the conditionally affected

By default, Windows 10 and Windows Server 2016 still include support for SMB 1.0. In most cases, it is required only to support legacy systems: Windows Server 2003 and older. If there are no such clients left on your network, it is advisable to disable the SMB 1.x protocol on new Windows versions, or to remove the driver completely. This protects you from the large number of vulnerabilities inherent in this outdated protocol (as evidenced once again), and all clients accessing SMB shares will use newer, faster and more secure versions of the SMB protocol.

In one of the previous articles we provided a table covering both the client and server side. According to the table, older clients (XP, Server 2003 and some outdated *nix clients) can only use the SMB 1.0 protocol to access file shares. If there are no such clients left on the network, you can completely disable SMB 1.0 on the file servers (including AD domain controllers) and client stations.

Auditing access to the file server via SMB v1.0

Before disabling and completely removing the SMB 1.0 driver on the SMB file server, it is advisable to make sure that there are no outdated clients left on the network that connect to it via SMB v1.0. To do this, enable auditing of access to the file server over this protocol with the PowerShell command:

Set-SmbServerConfiguration -AuditSmb1Access $true

After a while, review the events in the Applications and Services Logs -> Microsoft -> Windows -> SMBServer -> Audit log for client access using the SMB1 protocol.

Tip. The list of events from this log can be displayed with the command:

Get-WinEvent -LogName Microsoft-Windows-SMBServer/Audit

In our example, access from the client 192.168.1.10 via the SMB1 protocol was recorded in the log. This is evidenced by events with EventID 3000 from the SMBServer source and description:

SMB1 access
Client Address: 192.168.1.10
Guidance:
This event indicates that a client attempted to access the server using SMB1. To stop auditing SMB1 access, use the Windows PowerShell cmdlet Set-SmbServerConfiguration.

In this case, we will ignore this information, but we must keep in mind that in the future this client will not be able to connect to this SMB server.
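The audit review described above can be summarized per client, as in this added example (not part of the original article). It assumes the English event text shown above; the function name Get-Smb1ClientSummary and the 14-day look-back window are illustrative.

```powershell
# Added example: summarize SMB1 audit events (Event ID 3000) per client address.
# Run in an elevated PowerShell session on the file server after auditing
# (-AuditSmb1Access $true) has been collecting data for a representative period.

function Get-Smb1ClientSummary {
    param(
        [int]$Days = 14   # look-back window; an assumption, adjust to your audit period
    )

    $filter = @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # Get-WinEvent raises an error when nothing matches, so suppress it and
    # treat "no events" as an empty result.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    $events | ForEach-Object {
        # Assumes the English description, which contains a line such as
        # "Client Address: 192.168.1.10".
        if ($_.Message -match 'Client Address:\s*(\S+)') {
            [pscustomobject]@{ Client = $Matches[1]; Time = $_.TimeCreated }
        }
    } | Group-Object Client | ForEach-Object {
        $times = @($_.Group.Time | Sort-Object)
        [pscustomobject]@{
            Client    = $_.Name
            Events    = $_.Count
            FirstSeen = $times[0]
            LastSeen  = $times[-1]
        }
    } | Sort-Object Events -Descending
}

$summary = @(Get-Smb1ClientSummary -Days 14)
if ($summary.Count -eq 0) {
    Write-Output 'No SMB1 access recorded in the audit log for this period.'
} else {
    # Each row is a client that will lose access once SMB1 is disabled.
    $summary | Format-Table -AutoSize
}
```

An empty result only means no SMB1 client connected during the look-back window, so keep auditing long enough to cover devices that connect rarely.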

Disabling SMB 1.0 on the server side

SMB 1.0 can be disabled on both the client and server side. On the server side, SMB 1.0 provides access to SMB network folders (file shares) over the network, and on the client side, it is needed to connect to such resources.

Use the following PowerShell command to check if SMB1 is enabled on the server side:

As you can see, the value of EnableSMB1Protocol is True.

So, let's disable support for this protocol:

Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

And using the Get-SmbServerConfiguration cmdlet, make sure that the SMB1 protocol is now disabled.

To completely remove the driver that handles SMB v1 client access, run the following command:

Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -Remove

It remains to reboot the system and make sure that SMB1 protocol support is completely disabled.

Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

Disabling SMB 1.0 on the client side

By disabling SMB 1.0 on the server side, we ensured that clients would not be able to connect to it using this protocol. However, they can use an outdated protocol to access third-party (including external) resources. To disable SMB v1 client-side support, run the commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

So, by disabling support for the outdated SMB 1.0 on the client and server side, you will completely protect your network from all known and not yet found vulnerabilities in it. Vulnerabilities in Microsoft Server Message Block 1.0 are found fairly regularly. The last significant vulnerability in SMBv1, which could allow an attacker to remotely execute arbitrary code, was patched in March 2017.

Read how to disable an obsolete protocol in Windows 10 for better PC protection against malware and ransomware. In local networks, files are most often transferred via the "FTP" protocol (File Transfer Protocol), which is not always convenient for large or corporate LANs. Of course, expensive document management systems can come to the rescue, as they greatly simplify simultaneous work and file transfer. But these programs require additional costs, configuration and time, so it is easiest to use a regular file server operating on the "SMB" (Server Message Block) protocol.

Whole outbreaks caused by the "WannaCry" and "Petya" malware spread at breakneck speed across the Internet; they exploit a loophole in the ancient "SMBv1" protocol. This protocol is still installed on Windows by default, for some ridiculous reason. If you are using Windows 10, 8 or 7, you should make sure that "SMBv1" is disabled on your PC.

What is SMBv1 and why is it enabled by default?

"SMBv1" is an old version of the Server Message Block protocol that Windows uses for sharing files on a local network. It was subsequently replaced by "SMBv2" and "SMBv3". These versions can be left enabled, as they are better protected against hacking than the first version.

The older "SMBv1" protocol is enabled only because there are still a few old applications left that do not use "SMBv2" or "SMBv3". Microsoft developers constantly update the list of such software.

If you are not using any of these programs, you should disable "SMBv1" on your Windows PC. It is advisable to do this to protect the computer from any future attacks that use a vulnerability in the "SMBv1" protocol. Even Microsoft specialists recommend disabling this protocol if you do not need it.

How to disable SMBv1 protocol in Windows 8, 8.1 and 10

Starting with the Windows 10 Fall Creators Update, the "SMBv1" protocol will be disabled by default. Unfortunately, it took a huge storm of user discontent to get this change made in the operating system, but better late than never.

At the same time, "SMBv1" protocol support can easily be disabled manually in Windows 8, 8.1 and 10. Open "Control Panel" -> go to "Programs" -> click on the link.

You can also disable "SMBv1" protocol support by opening the "Start" menu, entering the search word "Component" in the search box and click on.

Scroll down the list and find the option "SMB 1.0/CIFS File Sharing Support". Uncheck the box to disable this feature and click "OK".

After making the changes, the system will prompt you to restart your computer.

How to disable SMBv1 in Windows 7 using the Windows registry

To disable the "SMBv1" protocol in Windows 7, you will have to edit the Windows registry.

Standard warning: changing Windows registry entries through the standard editor may result in unstable operation of the OS, and even a complete or partial failure of the operating system. Using the editor is quite simple, and as long as you follow these instructions, you shouldn't have any problems. And be sure to create a backup of the registry and of all important information stored on the operating system disk before making any changes.

First, open the registry editor: click the "Start" button, type "Regedit" in the search box, then right-click the application and launch the registry editor as administrator.


In the registry editor, use the left-hand panel to go to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Then you need to create a new parameter inside the "Parameters" subkey. Right-click the "Parameters" icon -> hover over "New" -> then select "DWORD (32-bit) Value".

Name the new parameter "SMB1".

The "DWORD" will be created with the value "0", and that's perfect. "0" means that "SMBv1" is disabled. You don't need to edit the value after creating it.

Now close the registry editor. You will also need to restart your computer for the changes to take effect. If you want to undo this change, return to this window and remove the "SMB1" parameter.

Additional Information

The above steps are great for disabling "SMBv1" protocol support on one particular computer, but there are ways to disable it across the entire network. Refer to the official Microsoft Windows documentation for additional information about these options. For example, the documentation explains how to roll out the above registry change using Group Policy if you need to disable "SMB1" on Windows 7 PCs across the whole network.

Due to the recent epidemic of the WannaCry ransomware, which exploits an SMB v1 vulnerability, tips for disabling this protocol have again appeared on the net. Moreover, Microsoft strongly recommended disabling the first version of SMB back in September 2016. But such a shutdown can lead to unexpected consequences, up to and including curiosities: I personally came across a company where, after the fight against SMB, the Sonos wireless speakers stopped playing.

Precisely to minimize the likelihood of shooting yourself in the foot, I want to recall the features of SMB and consider in detail the risks of ill-conceived disabling of its older versions.

SMB (Server Message Block) is a network protocol for remote access to files and printers. It is the protocol used when connecting resources via \\servername\sharename. The protocol originally ran on top of NetBIOS using UDP ports 137, 138 and TCP 137, 139. With the release of Windows 2000, it began to work directly over TCP port 445. SMB is also used to log on to an Active Directory domain and work in it.

In addition to remote access to resources, the protocol is also used for interprocess communication through named pipes. The process is addressed by the path \\.\pipe\name.

The first version of the protocol, also known as CIFS (Common Internet File System), was created back in the 1980s, but the second version appeared only with Windows Vista, in 2006. The third version of the protocol was released with Windows 8. In parallel with Microsoft, the protocol was developed and updated in its open-source implementation, Samba.

Each new version of the protocol added various improvements to increase performance, security and support for new features. But at the same time, support for old protocols remained for compatibility. Of course, older versions had and still have enough vulnerabilities, one of which is used by WannaCry.

Below is a summary of the changes in SMB versions.

Version (operating system): added compared to the previous version

SMB 2.0 (Windows Vista / 2008):
  • Changed the number of protocol commands from 100+ to 19
  • Possibility of "pipeline" work: sending additional requests before receiving a response to the previous one
  • Symbolic link support
  • HMAC SHA256 message signature instead of MD5
  • Increased cache and write / read blocks

SMB 2.1 (Windows 7 / 2008R2):
  • Performance improvement
  • Support for larger MTU values
  • BranchCache service support, a mechanism that caches WAN requests in the local network

SMB 3.0 (Windows 8 / 2012):
  • The ability to build a transparent failover cluster with load sharing
  • Support for direct memory access (RDMA)
  • PowerShell cmdlet management
  • VSS support
  • AES-CMAC signature
  • AES-CCM encryption
  • Ability to use network folders to store Hyper-V virtual machines
  • Ability to use network folders to store Microsoft SQL databases

SMB 3.02 (Windows 8.1 / 2012R2):
  • Improvements to security and performance
  • Automatic balancing in the cluster

SMB 3.1.1 (Windows 10 / 2016):
  • AES-GCM encryption support
  • Integrity check before authentication using SHA512 hash
  • Mandatory secure "negotiation" when working with clients SMB 2.x and higher

Counting the conditionally affected

It is quite simple to view the protocol version currently in use; for this we use the Get-SmbConnection cmdlet:

Cmdlet output with open network resources on servers running different versions of Windows.

The output shows that a client that supports all protocol versions connects using the highest version supported by the server. Of course, if the client supports only the old version of the protocol and it is disabled on the server, the connection will not be established. Legacy support can be enabled or disabled on modern Windows systems with the Set-SmbServerConfiguration cmdlet, and its state can be viewed like this:

Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol


Turn off SMBv1 on a server running Windows 2012 R2.



Result when connecting from Windows 2003.


Thus, if you disable the old, vulnerable protocol, old clients can lose network functionality. Besides Windows XP and 2003, SMB v1 is also used in a number of software and hardware solutions (for example, a NAS on GNU/Linux using an old version of Samba).

Below I give a list of manufacturers and products that will completely or partially stop working when you disable SMB v1.

Manufacturer: product (comment)

  • Barracuda: SSL VPN; Web Security Gateway backups
  • Canon: Scan to network share
  • Cisco: WSA / WSAv; WAAS (versions 5.0 and older)
  • F5: RDP client gateway; Microsoft Exchange Proxy
  • Forcepoint (Raytheon): "Some products"
  • HPE: ArcSight Legacy Unified Connector (older versions)
  • IBM: NetServer (version V7R2 and older); QRadar Vulnerability Manager (versions 7.2.x and older)
  • Lexmark: Firmware eSF 2.x and eSF 3.x
  • Linux Kernel: CIFS client (from 2.5.42 to 3.5.x)
  • McAfee: Web gateway
  • Microsoft: Windows (XP / 2003 and older)
  • MYOB: Accountants
  • NetApp: ONTAP (versions prior to 9.1)
  • NetGear: ReadyNAS
  • Oracle: Solaris (11.3 and older)
  • Pulse Secure: PCS (8.1R9 / 8.2R4 and older); PPS (5.1R9 / 5.3R4 and older)
  • QNAP: All storage devices (firmware older than 4.1)
  • RedHat: RHEL (versions prior to 7.2)
  • Ricoh: MFP, scan to network resource (in addition to a number of models)
  • RSA: Authentication Manager Server
  • Samba: Samba (older than 3.5)
  • Sonos: Wireless speakers
  • Sophos: Sophos UTM; Sophos XG firewall; Sophos Web Appliance
  • SUSE: SLES (11 and older)
  • Synology: Diskstation Manager (control only)
  • Thomson Reuters: CS Professional Suite
  • Tintri: Tintri OS, Tintri Global Center
  • VMware: Vcenter; ESXi (older than 6.0)
  • Worldox: GX3 DMS
  • Xerox: MFP, scan to network resource (firmware without ConnectKey Firmware)

The list is taken from the Microsoft website, where it is regularly updated.


The list of products using the old version of the protocol is quite large - before disabling SMB v1, you should definitely think about the consequences.

Disable

If there are no programs or devices using SMB v1 on the network, then, of course, it is better to disable the old protocol. While on a Windows 8/2012 SMB server this is done with the PowerShell cmdlet, for Windows 7/2008 you will need to edit the registry. This can also be done with PowerShell:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

Or in any other convenient way. However, a reboot is required to apply the changes.

To disable SMB v1 support on a client, just stop the service responsible for its operation and fix the dependencies of the lanmanworkstation service. This can be done with the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

For the convenience of disabling the protocol across the entire network, it is convenient to use group policies, in particular Group Policy Preferences. With the help of them, you can conveniently work with the registry.



Creating a registry entry through group policies.


To disable the protocol on the server, just create the following parameter:

  • path: HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters;

  • new parameter: REG_DWORD with the name SMB1;

  • value: 0.


Create a registry key to disable SMB v1 on the server through Group Policy.


To disable SMB v1 support on clients, you need to change the value of two parameters.


First, disable the SMB v1 protocol service:

  • path: HKLM:\SYSTEM\CurrentControlSet\services\mrxsmb10;

  • parameter: REG_DWORD named Start;

  • value: 4.


We update one of the parameters.


Then we fix the dependencies of the LanmanWorkstation service so that it does not depend on SMB v1:

  • path: HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation;

  • parameter: REG_MULTI_SZ named DependOnService;

  • value: three lines - Bowser, MRxSmb20 and NSI.


And replace with another.


After applying Group Policy, you must restart the computers in your organization. After reboot, SMB v1 will no longer be used.
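To confirm after the reboot that the three registry settings described above actually reached a machine, a check like the following can be run locally. This is an added example, not part of the original article; the function names Test-Smb1RegistryState and Get-RegValue are illustrative, and a missing mrxsmb10 service key is assumed to mean the driver has been removed.

```powershell
# Added example: report whether the SMB v1 registry settings described above are in place.
function Test-Smb1RegistryState {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    function Get-RegValue([string]$Path, [string]$Name) {
        # Emits nothing when the key or the value does not exist.
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name }
    }

    # Server side: LanmanServer\Parameters\SMB1 must be 0.
    $smb1 = Get-RegValue "$svc\LanmanServer\Parameters" 'SMB1'
    [pscustomobject]@{
        Setting   = 'LanmanServer\Parameters\SMB1'
        Expected  = '0'
        Actual    = if ($null -eq $smb1) { '<not set>' } else { "$smb1" }
        Compliant = ($smb1 -eq 0)
    }

    # Client side: the mrxsmb10 driver must have Start = 4 (disabled).
    # Assumption: if the service key is absent, the driver has been removed.
    $driverPresent = Test-Path "$svc\mrxsmb10"
    $start = Get-RegValue "$svc\mrxsmb10" 'Start'
    [pscustomobject]@{
        Setting   = 'mrxsmb10\Start'
        Expected  = '4'
        Actual    = if (-not $driverPresent) { '<key absent>' } else { "$start" }
        Compliant = ((-not $driverPresent) -or ($start -eq 4))
    }

    # Client side: LanmanWorkstation must no longer depend on MRxSmb10.
    $depends = @(Get-RegValue "$svc\LanmanWorkstation" 'DependOnService')
    [pscustomobject]@{
        Setting   = 'LanmanWorkstation\DependOnService'
        Expected  = 'Bowser, MRxSmb20, NSI'
        Actual    = ($depends -join ', ')
        Compliant = (-not ($depends -contains 'MRxSmb10'))
    }
}

Test-Smb1RegistryState | Format-Table -AutoSize
```

On systems where SMB v1 is controlled through Set-SmbServerConfiguration or the optional feature rather than the registry value, the first row can show "<not set>"; check those settings with the cmdlets covered earlier.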

If it works, don't touch it

Oddly enough, this old commandment is not always useful: ransomware and Trojans can run rampant in rarely updated infrastructure. However, careless disabling and updating of services can paralyze an organization just as viruses can.


Tell us, have you already disabled SMB of the first version? Were there many victims?

Recent large-scale virus attacks spread using the holes and flaws of the old SMB1 protocol. For one minor reason, the Windows operating system still allows it to work by default. This older version of the protocol is used for file sharing on a local network. Its newer versions 2 and 3 are more secure and should be left enabled. Since you are using the new operating system numbered 10, the previous one (8), or even the already outdated 7, you must disable this protocol on your PC.

It is enabled only because some users still use old applications that were not updated in time to work with SMB2 or SMB3. Microsoft has compiled a list of them. Find it and view it on the Internet, if necessary.

If you keep all the programs installed on your computer up to date, you most likely need to disable this protocol. Doing so raises the security of your operating system and confidential data by one step. By the way, even the specialists of the corporation itself recommend turning it off, if necessary.

Are you ready to make changes? Let's continue then.

SMB1

Open the Control Panel, go to the "Programs" section and select the subsection "Turn Windows features on or off".

In the list, find the option "SMB 1.0/CIFS File Sharing Support", uncheck it and click "OK".

Reboot the operating system after saving all your previously edited files, such as documents, etc.

FOR WINDOWS 7

Editing the system registry will help you here. It is a powerful system tool, and entering incorrect data into it can lead to unstable operation of the OS. Use it with caution, and be sure to back it up before doing so.

Open the editor by pressing the Win + R key combination on your keyboard and typing "regedit" in the input field. Then follow this path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Create a new 32-bit DWORD and name it "SMB1" with the value "0". Reboot your system.

Attention! These methods work to disable the protocol on only one PC, but not on the entire network. Refer to the official Microsoft documentation for the information you are interested in.
