Security Concerns - 445

[JuWaJo 0]

I have attempted to edit the registry under NetBT to value 2 as well as block the port within firewall rules under ntoskrnl under 138, 137, 139, and 445. I've made the conclusion of this when syphoning through Details within task manager/file location. However, 445 is still listening. I've also tried turning off netbios, ipv6 on my network adapters. I've been having security concerns and would like to ask as well if anything seems off. Regards.

Edited May 17, 2019 by JuWaJo

[Marcos 5,074]

If you have marked your local network as home/office and not as public, sharing via SMB will be allowed within your network but blocked from outside.

https://www.thewindowsclub.com/smb-port-what-is-port-445-port-139-used-for

...it is in our interest to not expose Port 445 to the Internet but like Windows Port 135, Port 445 is deeply embedded in Windows and is hard to close safely. That said, its closure is possible, however, other dependent services such as DHCP (Dynamic Host Configuration Protocol) which is frequently used for automatically obtaining an IP address from the DHCP servers used by many corporations and ISPs, will stop functioning.

[JuWaJo 0]

Okay. All of my networks are marked as public. Everything else seems to be functioning. I have removed ntoskrnl.exe from the SMB rule considering it didn't seem to make a difference.

[Marcos 5,074]

You can create a blocking rule and put it on top of pre-defined rules that are hidden by default to take precedence over them. Do it on your own risk and in case something stops working it might be because of that.