Is it recommended to disable both SMB1 and SMB2 (2024)

FAQs

Should I disable SMBv1 and SMBv2? ›

SMB1 is certainly fraught with security issues and should be discouraged. SMB2 is still fine and if disabled may cause some scanners to stop scan to folder and other options (and other devices might stop working as well as most have only just stopped using SMB1). Disable SMB1 first and check the effects.

The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component. You don't have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.

Disabling SMBv1 support may prevent access to file or print sharing resources with systems or devices that only support SMBv1. File shares and print services hosted on Windows Server 2003 are an example, however Windows Server 2003 is no longer a supported operating system.

Security concerns

The SMBv1 protocol is not safe to use. By using this old protocol, you lose protections such as pre-authentication integrity, secure dialect negotiation, encryption, disabling insecure guest logins, and improved message signing.

A new hashing algorithm, HMAC SHA-256, makes SMB2. 0 more secure compared to the earlier dialects. With SMB3. 0, security has been further enhanced by the AES-CMAC algorithm, and with Windows 11, AES-256-GCM has been introduced.

Microsoft has since deprecated SMBv1 in favor of more secure and efficient versions. SMBv2 was introduced with Windows Vista and Windows Server 2008, bringing notable performance improvements, reduced complexity, and enhanced security.

SMB1 - Audit Active Usage using Message Analyzer

I would check on your servers , if they have got it then turn it off. Give it about 10 mins or so , then you will find out what devices are using it. I usually check the active SMB sessions on the servers to try and determine what might be affected.

SMB1 is considered a deprecated and non-secured protocol. For that reason, by design, it is blocked by default due to the security reasons and can be re-enabled by customer if needed.

The first version of the protocol – SMB v1 – was full of vulnerabilities that could be easily exploited. Today, the updated protocol is more secure, but SMB v1 exploits continue to happen because many machines still use the old and much more insecure protocol.

Is SMB1 deprecated? ›

Dialect: SecurityMode Server name: Guidance: SMB1 is deprecated and should not be installed nor enabled.

The Server Message Block (SMB) protocol is a client-server communication protocol that is used for shared access to files, directories, printers, serial ports, and other resources on a network.

When comparing to SMBv1, SMB version 2 introduced performance improvements, symbolic links and SHA-256 message signing in 2006 with Windows Vista. SMBv2 offers a much better alternative than SMBv1, but still SMBv3 is the version you'd want to see negotiated. Especially since SMBv3 offers end-to-end encryption.

The main difference is SMB2 (and now SMB3) is a more secure form of SMB. It is required for secure channel communications. The DirectControl agent (adclient) uses it to download Group Policy and uses NTLM authentication.

Disabling and enabling SMB Direct features

As SMB Direct is enabled by default, once disabled, it needs to be manually re-enabled whenever needed. Typically, you won't need to disable SMB Direct, however, you can disable it along with its features, by running the following Windows PowerShell commands.

Why is it a risk? Version 1.0 of SMB contains a bug that can be used to take over control of a remote computer. The US National Security Agency (NSA) developed an exploit (called “EternalBlue”) for this vulnerability which was subsequently leaked.

A vulnerability in the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation for the Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the device to run low on system memory, possibly preventing the device from forwarding traffic.