Closing port 445 what to lose. How to protect yourself from the WannaCry virus

To solve various problems related to the local network or the Internet, Windows 10 uses predefined ports. One of them, numbered 445, in some cases is recommended to be closed manually, despite the fact that the operating system turns it on automatically.

What is a TCP port

Port 445 is one of the TCP ports. TCP is a protocol, that is, a set of conditions and rules that ensures stable communication between multiple devices over the Internet. This protocol, like all others, establishes a certain format for transmitting information. If it were not there, then, for example, from one device a packet of information would be sent in the form of the string "User: Name", while the other device expected to see the string "Name - user", as a result of which it would not be able to process the request correctly and the internet connection was interrupted.

The TCP protocol also provides security by checking the IP address (unique device number) when sending each data packet. Thanks to this, even if some third-party device is introduced into the stream of information being sent, data will not be sent to it.

What is port 445 responsible for?

Port number 445 is one of many that operate over the TCP protocol. But it has a specific task that other ports do not - provide a connection between shared printers, scanners and folders. Shared refers to devices and data that can be accessed from any computer, not just the one to which they are connected or located.

For example, you can connect to a shared printer from a computer that does not have a direct cable connection to the printer. To do this, you need to connect to the computer to which the cable from the printer is connected via port 445. After that, the device user will be able to send commands to the printer (start printing, stop it, etc.) without a physical connection to it.

With a connection to port 445, you can also view the contents of the hard disk and modify it.

Why port 445 should be closed

On the one hand, port 445 will be useful if you work on several computers at once: you can quickly exchange data and control devices connected to another computer via the Internet. On the other hand, an open port 445 puts you in danger. Experienced people can use it as an operating system vulnerability: connect to it and gain access to your files located on your hard drive.

If you do not intend to use this port, or if you have important files stored in your computer's memory, use the instructions below to close the port, thus patching one of the potentially dangerous holes in Windows.

How to check if a port is open

Before closing the port manually, it is worth checking if it is currently open. By default, Windows 10 opens it. But some third-party antiviruses, or rather, firewalls (network security programs), can close it.

We close the port

In Windows 10, there are several ways to close port 445. If one of them does not work for some reason, resort to the help of another. But no matter which method you choose, the result will be the same - port 445 will stop listening, that is, you will not be able to connect to it.

Through a firewall

A firewall is a program that ensures the security of a user working with the Internet, so it can be used to block potentially dangerous ports. Windows 10 has a built-in firewall that will do the job:

1. Expand the Windows search bar by clicking on the magnifying glass icon located in the lower left corner of the screen. Write the query "Windows Firewall" and expand the found option. Opening firewall settings
2. In the expanded control panel window, click on the line "Advanced options".
   Open advanced firewall options
3. Navigate to the Inbound Rules folder and start creating a new rule.
   Click the "Create Rule" button
4. Specify that the rule will be created for the port and proceed to the next step.
   Specify the option "For the port"
5. Check the box next to the "TCP protocol" line and enter port 445.
   Select TCP protocol and port 445
6. Select the "Block connection" option.
   Select "Connection block"
7. Do not uncheck all three items, let the blocking apply to all levels.
   We leave the application of the created rule for all profiles
8. Write down a clear name and description, which in the future will allow you to remember what the created rule is responsible for - suddenly you or another user will have to unblock this port.
   Specify a name and description for the task

Using the command line

The command line allows you to manage all system settings. Including through it you can open and close ports:

By following the above two steps, you will create the same firewall rule as you would with a firewall configuration.

Using the registry

The registry stores values ​​for all operating system settings. By changing them, you can activate or deactivate the port:

After completing all the steps, close the registry and restart your computer for the changes to take effect.

With the help of WWDC

WWDC is a third party program that simplifies the process of enabling and disabling ports. The official site from which you can download the application is http://wwdc.toom.su (unavailable at the time of this writing).

After you download and open the program, a list of ports and their status will appear: enable - enabled, disable - suspended, close - closed. Find number 445 among all ports and click on the button under its name - its state will change. You must set the close option.

After the desired parameter is set, the changes will take effect and port 445 will be closed.

Video: How to close a port in Windows 10

Port 445 is responsible for remote work with shared printers and folders. Its disadvantage is that it reduces the level of system protection. To protect yourself from viruses, you should close this port using a firewall, command line, registry, or WWDC application.

Yesterday, unknown people staged another massive attack using a ransomware virus. Experts said that dozens of large companies in Ukraine and Russia were affected. The ransomware is called Petya.A (probably, the virus is named after Petro Poroshenko). They write that if you create a perfc file (without extension) and place it at C:\Windows\, the virus will bypass you. If your computer went into a reboot and started "checking the disk", you need to turn it off immediately. Booting from a LiveCD or USB will give you access to the files. Another way to protect yourself is to close ports 1024-1035, 135 and 445. We will now understand how to do this using the example of Windows 10.

Step 1
Go to Windows Firewall(it is better to choose the enhanced security mode), select the tab " Extra options».
Select the tab " Rules for incoming connections", then action " Create Rule” (in the right column).

Step 2
Select the type of rule - " for Port". In the next window select " TCP protocol”, specify the ports that you want to close. In our case, this 135, 445, 1024-1035 " (without quotes).

Step 3
Select the item " Block connection”, in the next window we mark all profiles: Domain, Private, Public.

Step 4
It remains to come up with a name for the rule (so that it will be easy to find in the future). You can specify a description for the rule.

If some programs stop working or start to work incorrectly, you may have closed the port they are using. You will need to add an exception in the firewall for them.

135 TCP port used by remote services (DHCP, DNS, WINS, etc.) and in Microsoft client-server applications (eg Exchange).

445 TCP port used in Microsoft Windows 2000 and later for direct TCP/IP access without using NetBIOS (for example, in Active Directory).

Publication

The WannaCry virus, also known as WannaCrypt or Wanna Decryptor, hit the virtual world in May 2017. The malware penetrated local networks, infecting one computer after another, encrypted files on disks, and required the user to transfer $300 to $600 to ransomware to unlock them. The Petya virus, which gained almost political notoriety in the summer of 2017, acted in a similar way.

Both network pests penetrated the operating system of the victim computer through the same door - network ports 445 or 139. Following the two major viruses, smaller types of computer infection began to exploit. What are these ports that are scanned by everyone who is not lazy?

What are ports 445 and 139 responsible for in Windows

These ports are used by Windows to share files and printers. The first port is responsible for the Server Message Blocks (SMB) protocol, and the Network Basic Input-Output System (NetBIOS) protocol works through the second. Both protocols allow Windows computers to connect over the network to "shared" folders and printers over the basic TCP and UDP protocols.

Starting with Windows 2000, file and printer sharing over a network is done primarily through port 445 using the SMB application protocol. The NetBIOS protocol was used in earlier versions of the system, working through ports 137, 138 and 139, and this feature was retained in later versions of the system as a throwback.

Why open ports are dangerous

445 and 139 is a subtle but significant vulnerability in Windows. Leaving these ports unsecured opens the door wide to your hard drive for intruders like viruses, trojans, worms, and hackers. And if your computer is connected to a local network, then all its users are at risk of malware infection.

In effect, you are sharing your hard drive with anyone who can access these ports. If desired and skill, attackers can view the contents of the hard drive, or even delete data, format the drive itself, or encrypt files. This is exactly what the WannaCry and Petya viruses did, the epidemic of which swept the world this summer.

Thus, if you care about the security of your data, it will not be out of place to learn how to close ports 139 and 445 in Windows.

Finding out if ports are open

In most cases, port 445 is open in Windows because printer and file sharing features are automatically enabled when you install Windows. This can be easily checked on your machine. Press keyboard shortcut Win+R to open the Quick Launch window. In it enter “ cmd" to run the command line. At the command line, type " netstat-na" and press Enter. This command allows you to scan all active network ports and display data about their status and current incoming connections.

After a few seconds, the port statistics table will appear. At the very top of the table, the IP address of port 445 will be indicated. If the status in the last column of the table is “LISTENING”, it means that the port is open. Similarly, you can find port 139 in the table and find out its status.

How to close ports in Windows 10/8/7

There are three main methods to close port 445 in Windows 10, 7 or 8. They do not differ much from each other depending on the version of the system and are quite simple. You can try any of them to choose from. You can also close port 139 in the same way.

Close ports through firewall

The first method, which allows you to close port 445 in Windows, is the simplest and is available to almost any user.

1. Go to Start > Control Panel > Windows Firewall and click on the link Extra options.
2. Click Inbound Exception Rules > New Rule. In the window that appears, select For Port > Next > TCP Protocol > Defined Local Ports, in the field next to enter 445 and click Further.
3. Next select Block connection and press again Further. Check three checkboxes again Further. Specify a name and optionally a description for the new rule and click Ready.

Now the possibility of incoming connection to port 445 will be closed. If necessary, a similar rule can be created for port 139.

Closing ports via command line

The second method involves command line operations and is more suitable for advanced Windows users.

1. Click Start and in the search bar at the bottom of the menu, type “ cmd". In the list that appears, right-click on cmd and select Run as administrator.
2. Copy the command into the command line window netsh advfirewall set allprofile state on. Click Enter.
3. Then copy the following command: netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445". Click Enter again.

This procedure will also create a Windows Firewall rule to close port 445. Some users, however, report that this method does not work on their machines: when checked, the port remains in the “LISTENING” status. In this case, you should try the third method, which is also quite simple.

Closing ports through the Windows registry

You can also block connections to port 445 by making changes to the system registry. Use this method with caution: the Windows registry is the main database of the entire system, and an accidental mistake can lead to unpredictable consequences. Before working with the registry, it is recommended to make a backup copy, for example, using the CCleaner program.

1. Click Start and in the search bar type “regedit”. Click Enter.
2. In the registry tree, change to the following directory: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters.
3. A list of options will be displayed on the right side of the window. Right-click in an empty area of ​​the list and select Create. From the drop-down menu, select DWORD value (32-bit) or DWORD value (64-bit) depending on your system type (32-bit or 64-bit).
4. Rename the new setting to SMBDeviceEnabled, and then double-click on it. In the displayed window Changing a parameter in field Meaning replace 1 with 0 and click OK for confirmation.

This method is most effective if you follow the instructions above exactly. Note that it only applies to port 445.

For better protection, you can also disable the Windows Server service after making changes to the registry. To do this, do the following:

1. Click Start and in the search bar type "services.msc". A list of Windows system services will open.
2. Find the Server service and double click on it. As a rule, it is located somewhere in the middle of the list.
3. In the window that appears, in the drop-down list Launch type select Disabled and press OK.

The above methods (with the exception of the third one) allow you to close not only port 445, but also ports 135, 137, 138, 139. To do this, when performing the procedure, simply replace the port number with the one you need.

If you later need to open ports, simply delete the created rule in the Windows firewall or change the value of the registry entry created in the registry from 0 to 1, and then enable the Windows Server service back by selecting from the list Launch type meaning Automatically instead of Disabled.

Important! It must be remembered that port 445 in Windows is responsible for sharing files, folders, and printers. Thus, if you close this port, you will no longer be able to "share" the shared folder for other users or print a document over the network.

If your computer is connected to a local network and you need these functions to work, you should use third-party security tools. For example, activate the firewall of your antivirus, which will take control of all ports and will monitor them for unauthorized access.

By following the recommendations above, you can protect yourself from a subtle but serious vulnerability in Windows and protect your data from numerous types of malware that can enter the system through ports 139 and 445.

→ How to close vulnerable ports in Windows?

How to close vulnerable ports in Windows?

In the world, almost every day, dozens of computers are infected with dangerous viruses, and more and more users are beginning to look for ways to improve the security of their personal computer.

PCs running the Windows operating system are most commonly infected. This is due to the fact that most viruses enter the OS through certain incoming connections, the so-called "ports", which, unfortunately, are enabled by default.

Simplifying somewhat, the concept of "port" can be defined as the number of incoming connection of external programs (including viruses) to your computer via an IP network. Each port is assigned a unique number to identify the only possible destination for data in the operating system.

Having penetrated the computer, viruses begin to infect user data and open all previously closed Windows ports for faster spread through the system. To prevent this from happening, it is necessary to block the most vulnerable ports, thereby preventing the possibility of infection and raising Windows security to a higher level.

The most vulnerable ports of Windows 7 - 10

• TCP port 445 (it is used for file sharing)
• TCP port 139 (intended for remote connection to a computer)
• UDP port 137 (used to search for information on other computers)
• TCP port 135 (commands are executed through it)

How to close ports 135 to 139 and 445 in Windows?

There are many options for closing Windows ports, but in this article we will look at the easiest ways to do this.

Method 1 - using the command line

The Windows command line is used to set values ​​for those system settings that do not have a graphical interface. These functions include the considered open connection ports.

The command line is launched in several stages:

• Press the key combination Win+R
• In the command window that appears, type CMD
• Click "OK"

You will see a window with a black background. Copy the following lines one by one and press the enter key:

netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=135 name="Block1_TCP-135"

netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=137 name="Block1_TCP-137"

netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=138 name="Block1_TCP-138"

netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=139 name="Block_TCP-139"(command helps close port 139)

netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="Block_TCP-445"(command helps close port 445)

netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=5000 name="Block_TCP-5000"

These six commands close the 4 most dangerous open Windows ports listed above, as well as port 5000, which is responsible for discovering open services, and UDP port 138 of NetBIOS name resolution.

Method 2 - using third-party programs

In order not to use manual work with the command line, you can use third-party software. The essence of his work comes down to the same editing of the registry as in the method above, only in a visual display.

Instructions for working with a program that closes ports

1. 1. 1. Download and install the program

1. 1. 2. The installed program must be run with administrator rights

1. 1. 3. In the window that appears, when you press the "Close" or "Disable" buttons, all vulnerable Windows ports are disabled and closed

It is important to note that with this program you can not only close, but also open ports.

Conclusion

In addition to closing the most dangerous network ports on your computer, you must not forget that these actions do not achieve maximum security for the operating system.

Your Windows must have Microsoft-sent critical service packs, antivirus software, secure browsers, and other security and anonymity software.

We invite you to discuss the topic of protecting network ports in the comments and share useful methods for improving privacy. Don't forget to send the link to this article to your friends so they too know how to close open Windows ports.

Also watch our video where we go into more detail on how to close vulnerable ports:

Every day, PC owners are faced with a huge number of dangerous programs and viruses that somehow get on the hard drive and cause leakage of important data, computer breakdown, theft of important information and other unpleasant situations.

Most often, computers running on Windows of any version, be it 7, 8, 10 or any other, are infected. The main reason for such statistics is incoming PC connections or "ports", which are the weak point of any system due to their availability by default.

The word "port" is a term that refers to the serial number of incoming connections that are directed to your PC from external software. It often happens that these ports use viruses that easily penetrate your computer using an IP network.

Virus software, having entered the computer through such incoming connections, quickly infects all important files, not only user files, but also system files. To avoid this, we recommend that you close all standard ports, which can become your vulnerable spot when attacked by hackers.

Which ports are the most vulnerable in Windows 7-10?

Numerous studies and surveys of experts show that up to 80% of malicious attacks and hacks occurred using the four main ports used to quickly transfer files between different versions of Windows:

• TCP port 139, required for remote connection and PC control;
• TCP port 135, intended for executing commands;
• TCP port 445 for fast file transfer;
• UDP port 137, through which a quick search on the PC is carried out.

Close ports 135-139 and 445 in Windows

We suggest that you familiarize yourself with the simplest ways to close Windows ports that do not require additional knowledge and professional skills.

Using the command line

The Windows command line is a software shell that is used to set certain functions and parameters for software that does not have its own graphical shell.

In order to start the command line, you must:

1. Simultaneously press the key combination Win + R
2. In the command line that appears, enter cmd
3. Click on the "OK" button

A working window with a black background will appear, in which you need to enter the following commands one by one. After each line entered, press the Enter key to confirm the action.
netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=135 name="Block1_TCP-135"(command to close port 135)
netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=137 name="Block1_TCP-137"(command to close port 137)
netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=138 name="Block1_TCP-138"(command to close port 138)
netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=139 name="Block_TCP-139"(command to close port 139)
netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="Block_TCP-445"(command to close port 445)
netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=5000 name="Block_TCP-5000"

The six commands we have given are needed to: close 4 vulnerable Windows TCP ports (open by default), close UDP port 138, and close port 5000, which is responsible for displaying a list of available services.

We close ports with third-party programs

If you don't want to spend time working with the command line, we suggest you check out third-party applications. The essence of such software is to edit the registry in automatic mode with a graphical interface, without the need for manual entry of commands.

According to our users, the most popular program for this purpose is Windows Doors Cleaner. It will help you to easily close ports on a computer running Windows 7/8/8.1/10. Older versions of operating systems are unfortunately not supported.

How to work with a program that closes ports

In order to use Windows Doors Cleaner, you must:

1. Download software and install it
2. Run the program by right-clicking on the shortcut and selecting "run as administrator"
3. In the working window that appears, there will be a list of ports and the “Close” or “Disable” buttons that close vulnerable Windows ports, as well as any others you wish
4. After the necessary changes have been made, you must reboot the system

Another advantage of the program is the fact that with its help you can not only close ports, but also open them.

Drawing conclusions

Closing vulnerable network ports in Windows is not a panacea for all ills. It is important to remember that network security can only be achieved through comprehensive actions aimed at closing all the vulnerabilities of your PC.

For Windows security, the user must install critical updates from Microsoft, have licensed anti-virus software and a firewall enabled, use only safe software and regularly read our articles, in which we talk about all the existing ways to achieve anonymity and security of your data.

Do you know better ways to close network ports? Share your knowledge in the comments and do not forget to repost the article to your page. Share useful information with your friends and don't give hackers a chance to harm your loved ones!