Port 445 description. How to close vulnerable ports in Windows? Instructions for working with a program that closes ports

→ How to close vulnerable ports in Windows?

How to close vulnerable ports in Windows?

Almost every day, dozens of computers around the world are infected with dangerous viruses, and more and more users are starting to look for ways to improve the security of their personal computer.

PCs running the Windows operating system are most often infected. This is due to the fact that most viruses penetrate the OS through certain incoming connections, so-called “ports”, which, unfortunately, are enabled by default.

Simplifying somewhat, the concept of “port” can be defined as the number of incoming connections from external programs (including viruses) to your computer via an IP network. Each port is assigned a unique number to identify the only possible recipient of data in the operating system.

Having penetrated the computer, viruses begin to infect user data and open all previously closed Windows ports for faster spread throughout the system. To prevent this from happening, it is necessary to block the most vulnerable ports, thereby preventing the possibility of infection and raising Windows security to a higher level.

The most vulnerable ports of Windows 7 – 10

• TCP port 445 (it is used for file exchange)
• TCP port 139 (designed for remote connection to a computer)
• UDP port 137 (used to search for information on other computers)
• TCP port 135 (command tasks are executed through it)

How to close ports 135 to 139 and 445 in Windows?

There are many options for closing Windows ports, but in this article we will look at the easiest ways to do this.

Method 1 - Using the Command Line

The Windows command line is used to set values ​​for system settings that do not have a graphical interface. These functions include the open connection ports under consideration.

The command line starts in several stages:

• Press the key combination Win+R
• In the command window that appears, type CMD
• Click "OK"

A window with a black background will appear in front of you. Copy the lines below into it one by one and press the enter key:

netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=135 name="Block1_TCP-135"

netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=137 name="Block1_TCP-137"

netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=138 name="Block1_TCP-138"

netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=139 name="Block_TCP-139"(the command helps close port 139)

netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="Block_TCP-445"(the command helps close port 445)

netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=5000 name="Block_TCP-5000"

These six commands close the 4 most dangerous open Windows ports listed above, as well as port 5000, which is responsible for discovering open services, and UDP port 138 for NetBIOS name resolution.

Method 2 - using third-party programs

To avoid manual command line work, you can use third-party software. The essence of his work comes down to the same editing of the registry as in the method above, only in a visual display.

Instructions for working with a program that closes ports

1. 1. 1. Download and install the program

1. 1. 2. The installed program must be run with administrator rights

1. 1. 3. In the window that appears, clicking the “Close” or “Disable” buttons disables and closes all vulnerable Windows ports

It is important to note that with this program you can not only close, but also open ports.

Conclusion

In addition to closing the most dangerous network ports on your computer, you must remember that these actions do not achieve maximum security for the operating system.

On your Windows, you need to install critical update packages sent by Microsoft, antivirus programs, secure browsers and other software that increases security and anonymity.

We invite you to discuss the topic of protecting network ports in the comments and share useful methods for increasing confidentiality. Don't forget to send the link to this article to your friends so that they too know how to close open Windows ports.

Also watch our video where we talk in more detail about how to close vulnerable ports:

The WannaCry virus, also known as WannaCrypt or Wanna Decryptor, hit the virtual world in May 2017. The malware penetrated local networks, infecting one computer after another, encrypting files on disks and demanding that the user transfer $300 to $600 to the ransomware to unlock them. The Petya virus, which gained almost political fame in the summer of 2017, acted in a similar way.

Both network pests penetrated the operating system of the victim computer through the same door - network ports 445 or 139. Following the two large viruses, smaller types of computer infections began to be exploited. What kind of ports are these that are scanned by all and sundry?

What are ports 445 and 139 responsible for in Windows?

These ports are used in Windows to share files and printers. The first port is responsible for the Server Message Blocks (SMB) protocol, and the second port runs the Network Basic Input-Output System (NetBIOS) protocol. Both protocols allow computers running Windows to connect over the network to “shared” folders and printers over the basic TCP and UDP protocols.

Starting with Windows 2000, file and printer sharing over the network is carried out primarily through port 445 using the SMB application protocol. The NetBIOS protocol was used in earlier versions of the system, operating through ports 137, 138 and 139, and this feature was retained in later versions of the system as an atavism.

Why are open ports dangerous?

445 and 139 is a subtle but significant vulnerability in Windows. By leaving these ports unprotected, you open the door to your hard drive wide open to uninvited guests such as viruses, trojans, worms, and hacker attacks. And if your computer is connected to a local network, then all its users are at risk of infection with malicious software.

In effect, you are sharing your hard drive with anyone who can access these ports. If desired and skillful, attackers can view the contents of a hard drive, or even delete data, format the drive itself, or encrypt files. This is exactly what the WannaCry and Petya viruses did, the epidemic of which swept across the world this summer.

Thus, if you care about the security of your data, it would be a good idea to learn how to close ports 139 and 445 in Windows.

Finding out if the ports are open

In most cases, port 445 is open in Windows because printer and file sharing is automatically enabled when Windows is installed. You can easily check this on your machine. Press the keyboard shortcut Win+R to open the Quick Launch window. In it, enter “ cmd" to launch the command line. At the command line, type “ netstat -na" and press Enter. This command allows you to scan all active network ports and display data about their status and current incoming connections.

After a few seconds, a port statistics table will appear. At the very top of the table the IP address of port 445 will be indicated. If the last column of the table contains the status "LISTENING", this means that the port is open. Similarly, you can find port 139 in the table and find out its status.

How to close ports in Windows 10/8/7

There are three main methods to close port 445 in Windows 10, 7 or 8. They do not differ much depending on the system version and are quite simple. You can try any of them to choose from. You can also close port 139 using the same methods.

Closing ports through the firewall

The first method, which allows you to close port 445 in Windows, is the simplest and is accessible to almost any user.

1. Go to Start > Control Panel > Windows Firewall and click on the link Extra options.
2. Click Rules for Incoming Exceptions > New Rule. In the window that appears, select For Port > Next > TCP Protocol > Specific Local Ports, enter 445 in the field next to it and click Further.
3. Next select Block connection and press again Further. Check three boxes again Further. Enter a name and, if desired, a description of the new rule and click Ready.

Now the possibility of incoming connections to port 445 will be closed. If necessary, a similar rule can be created for port 139.

Closing ports via the command line

The second method involves command line operations and is more suitable for advanced Windows users.

1. Click Start and in the search bar at the bottom of the menu, type “ cmd". In the list that appears, right-click on cmd and select Run as administrator.
2. Copy the command into the command line window netsh advfirewall set allprofile state on. Click Enter.
3. Then copy the following command: netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445". Click Enter again.

As a result of the procedure, a Windows Firewall rule will also be created to close port 445. Some users, however, report that this method does not work on their machines: when checking, the port remains in the “LISTENING” status. In this case, you should try the third method, which is also quite simple.

Closing ports through the Windows registry

You can also block connections to port 445 by making changes to the system registry. This method should be used with caution: the Windows registry is the main database of the entire system, and an accidental error can lead to unpredictable consequences. Before working with the registry, it is recommended to make a backup copy, for example, using CCleaner.

1. Click Start and in the search bar enter "regedit". Click Enter.
2. In the registry tree, navigate to the following directory: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters.
3. A list of options will appear on the right side of the window. Right-click in an empty list area and select Create. From the drop-down menu, select DWORD value (32-bit) or DWORD value (64-bit) depending on your system type (32-bit or 64-bit).
4. Rename the new parameter to SMBDeviceEnabled, and then double-click on it. In the window that appears Changing a parameter in field Meaning replace 1 with 0 and press OK for confirmation.

This method is most effective if you follow the above instructions exactly. It should be noted that it only applies to port 445.

To make protection more effective, you can also disable the Windows Server service after making changes to the registry. To do this, do the following:

1. Click Start and enter in the search bar "services.msc". A list of Windows system services will open.
2. Find the Server service and double-click on it. As a rule, it is located somewhere in the middle of the list.
3. In the window that appears, in the drop-down list Startup type select Disabled and press OK.

The above methods (with the exception of the third) allow you to close not only port 445, but also ports 135, 137, 138, 139. To do this, when performing the procedure, simply replace the port number with the desired one.

If you later need to open ports, simply delete the created rule in the Windows Firewall or change the value of the parameter created in the registry from 0 to 1, and then enable the Windows Server service back by selecting from the list Startup type meaning Automatically instead of Disabled.

Important! It is important to remember that port 445 in Windows is responsible for sharing files, folders and printers. Thus, if you close this port, you will no longer be able to “share” the shared folder with other users or print a document over the network.

If your computer is connected to a local network and you need these functions for work, you should use third-party protection tools. For example, activate your antivirus firewall, which will take control of all ports and monitor them for unauthorized access.

By following the recommendations above, you can protect yourself from invisible but serious vulnerabilities in Windows and protect your data from numerous types of malicious software that can penetrate the system through ports 139 and 445.

Yesterday, unknown people staged another massive attack using an encryption virus. Experts said that dozens of large companies in Ukraine and Russia were affected. The ransomware virus is called Petya.A (probably the virus is named after Petro Poroshenko). They write that if you create a perfc file (without extension) and place it at C:\Windows\, the virus will bypass you. If your computer reboots and starts “disk check”, you need to turn it off immediately. Booting from a LiveCD or USB drive will give you access to the files. Another method of protection: close ports 1024–1035, 135 and 445. We will now look at how to do this using Windows 10 as an example.

Step 1
Let's go to Windows Firewall(it’s better to choose enhanced security mode), select the “ Extra options».
Select the tab " Rules for incoming connections", then the action " Create a rule"(in the right column).

Step 2
Select the type of rule - “ for Port" In the next window, select “ TCP protocol", indicate the ports you want to close. In our case it is " 135, 445, 1024-1035 "(without quotes).

Step 3
Select the item “ Block connection", in the next window we mark all profiles: Domain, Private, Public.

Step 4
All that remains is to come up with a name for the rule (so that it will be easy to find in the future). You can specify a description of the rule.

If some programs stop working or work incorrectly, you may have blocked the port they are using. You will need to add an exception for them in the firewall.

135 TCP port used by remote services (DHCP, DNS, WINS, etc.) and in Microsoft client-server applications (for example, Exchange).

445 TCP port used in Microsoft Windows 2000 and later for direct TCP/IP access without using NetBIOS (for example, in Active Directory).

Publication

Every day, PC owners are faced with a huge number of dangerous programs and viruses that somehow end up on the hard drive and cause leakage of important data, computer breakdown, theft of important information and other unpleasant situations.

Most often, computers running Windows OS of any version are infected, be it 7, 8, 10 or any other. The main reason for these statistics is the incoming connections to the PC or “ports”, which are the weak point of any system due to their availability by default.

The word "port" is a term that refers to the serial number of incoming connections that are directed to your PC from external software. It often happens that these ports are used by viruses that can easily penetrate your computer using an IP network.

Virus software, having entered the computer through such incoming connections, quickly infects all important files, not only user files, but also system ones. To avoid this, we recommend closing all standard ports that could become your vulnerability when attacked by hackers.

What are the most vulnerable ports on Windows 7-10?

Numerous studies and surveys of experts show that up to 80% of malicious attacks and hacks occurred using four main ports used for fast file exchange between different versions of Windows:

• TCP port 139, required for remote connection and control of a PC;
• TCP port 135, intended for executing commands;
• TCP port 445, allowing fast file transfer;
• UDP port 137, which is used to quickly search on a PC.

Closing ports 135-139 and 445 in Windows

We invite you to familiarize yourself with the simplest ways to close Windows ports, which do not require additional knowledge or professional skills.

Using the command line

The Windows command line is a software shell that is used to specify certain functions and parameters for software that does not have its own graphical shell.

In order to launch the command line, you must:

1. Press the Win+R key combination at the same time
2. In the command line that appears, enter CMD
3. Click on the “OK” button

A working window with a black background will appear, in which you must enter the following commands one by one. After each entered line, press the Enter key to confirm the action.
netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=135 name=»Block1_TCP-135″(command to close port 135)
netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=137 name=»Block1_TCP-137″(command to close port 137)
netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=138 name=»Block1_TCP-138″(command to close port 138)
netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=139 name=»Block_TCP-139″(command to close port 139)
netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name=»Block_TCP-445″(command to close port 445)
netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=5000 name=»Block_TCP-5000″

The six commands we have given are necessary to: close 4 vulnerable Windows TCP ports (open by default), close UDP port 138, and also close port 5000, which is responsible for displaying a list of available services.

Closing ports with third-party programs

If you don't want to waste time working with the command line, we suggest you check out third-party applications. The essence of such software is to edit the registry automatically with a graphical interface, without the need to manually enter commands.

According to our users, the most popular program for these purposes is Windows Doors Cleaner. It will help you easily close ports on a computer running Windows 7/8/8.1/10. Older versions of operating systems, unfortunately, are not supported.

How to work with a program that closes ports

In order to use Windows Doors Cleaner, you must:

1. Download the software and install it
2. Run the program by right-clicking on the shortcut and selecting “run as administrator”
3. In the working window that appears, there will be a list of ports and the “Close” or “Disable” buttons, which close vulnerable Windows ports, as well as any others you wish
4. After the necessary changes have been made, you need to reboot the system

Another advantage of the program is the fact that with its help you can not only close, but also open.

Drawing conclusions

Closing vulnerable network ports in Windows is not a panacea for all ills. It is important to remember that network security can only be achieved through comprehensive actions aimed at closing all vulnerabilities of your PC.

For Windows security, the user must install critical updates from Microsoft, have licensed anti-virus software and a firewall enabled, use exclusively secure software and regularly read our articles, in which we talk about all the existing ways to achieve anonymity and security of your data.

Do you know better ways to close network ports? Share your knowledge in the comments and don’t forget to repost the article to your page. Share useful information with your friends and don't give hackers a chance to harm your loved ones!