WannaCrypt: Protect yourself from infected network neighbours

The WannaCrypt virus that spread globally on Friday uses the EternalBlue network sharing propagation bug to spread across local networks.

You can hinder the ability to be infected by other computers on your local network by disabling CIFS 1.0 – which is an older network sharing protocol for sharing files on a network. ┬áRunning the following commands should disable CIFS 1.0, but leave the more modern CIFS 2 and CIFS 3 intact.

Please note: IF you have an older Windows machine on your network (Windows XP or earlier), you will probably find that disabling CIFS 1.0 causes file-sharing from your Win 7/8/10 PC with that older machine to stop working.
This unfortunately is something you will have to adapt around. Consider using a dedicated NAS box or setting up a Raspberry Pi to be a CIFS 1.0 host (as Linux distros running CIFS 1.0 should be unaffected by the virus).

First, Run PowerShell:

Start Menu > Search for PowerShell > (Right click PowerShell) > Run as Administrator

Running as Admin is important – these commands will return errors if run as a normal user.

Second, run the following command for your version of Windows:

(The following commands are all on one line – ignore any line breaks added by the scale of the page on your screen.)

Windows 7

Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 -Type DWORD -Value 0 -Force

Windows 8

Set-SmbServerConfiguration -EnableSMB1Protocol $false

Windows 10

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

Third, Restart your PC.

Ok – now your machine is safe from infected network neighbours!
However this DOES NOT stop you from falling victim to the virus if you run it yourself! So be careful opening attachments in emails!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.