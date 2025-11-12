SMB Ports 139 and 445 Explained with Quick Security Steps
SMB ports 139 and 445 are essential for file and printer sharing across Windows networks. However, these same ports are often exploited by attackers, making it important to understand how they work and how to secure them effectively. This guide explains their differences, how to check their status, and steps to disable or protect them on Windows 11.
Table of contents
- All You Need to Know About SMB Ports 139 and 445
- What Are SMB Ports 139 and 445
- Why Are SMB Ports 139 and 445 Important
- How to Check If SMB Ports 139 and 445 Are Open
- How to Disable SMB Ports 139 and 445
- How to Secure SMB Ports Without Disabling Them
- FAQs
- Final Thoughts
All You Need to Know About SMB Ports 139 and 445
What Are SMB Ports 139 and 445
SMB is a network file sharing protocol used by Windows systems to share files, printers, and other resources. Two ports are primarily associated with SMB communication: Port 139 and Port 445.
- Port 139: Used by SMB over NetBIOS in older stacks such as SMBv1.
- Port 445: Used by SMB directly over TCP in modern versions such as SMBv2 and SMBv3.
Learn how to open ports in Windows Server if you need to manage SMB access in a server environment.
Why Are SMB Ports 139 and 445 Important
These ports enable file and printer sharing, authentication with Active Directory, and remote administration. They also introduce risk if exposed on public or untrusted networks because they are frequent targets for malware and ransomware.
How to Check If SMB Ports 139 and 445 Are Open
1. Using Command Prompt
Use Command Prompt to quickly see if the ports are listening.
- Press Windows + R, type cmd, and press Enter.
- Type netstat -an | find “139” and press Enter.
- Type netstat -an | find “445” and press Enter.
- Look for LISTENING to confirm the port is active.
2. Using PowerShell
PowerShell provides a targeted connectivity test for each port.
- Open PowerShell as Administrator.
- Run
Test-NetConnection -ComputerName localhost -Port 445
- Review the output to confirm whether the port is open or blocked.
If the ports appear blocked, check whether Windows Firewall is the cause by following this guide on how to tell if Windows Firewall is blocking a port or program.
How to Disable SMB Ports 139 and 445
1. Turn Off SMBv1 for Port 139
Disable SMBv1 to remove legacy exposure.
- Open Control Panel then select Programs and choose Turn Windows features on or off.
- Uncheck SMB 1.0/CIFS File Sharing Support.
- Click OK and restart the PC.
2. Disable SMBv2 and SMBv3 for Port 445
Use PowerShell to disable modern SMB versions if absolutely necessary.
- Launch PowerShell as Administrator.
- Run
Set-SmbServerConfiguration -EnableSMB2Protocol $false
- Restart the computer to apply changes.
Note: Disabling SMB can break file sharing and domain authentication. Only proceed if your environment does not rely on SMB.
How to Secure SMB Ports Without Disabling Them
If your network depends on SMB, harden the service rather than turning it off. Proper firewall rules and strong authentication significantly reduce risk.
- Restrict SMB to trusted IP ranges using a firewall.
- Enable SMB signing to verify message integrity.
- Keep Windows and SMB protocol components updated.
- Disable guest access and enforce strong authentication.
For granular control, follow this guide to open firewall ports safely in Windows and configure SMB securely.
FAQs
They are used for file and printer sharing, authentication, and remote access between Windows devices.
Yes, block them on public or untrusted networks and keep them open only on secured private LANs.
File and printer sharing may stop, and domain logons can fail in networked environments.
No. SMBv1 is outdated and insecure and should be disabled due to known exploits such as WannaCry.
Final Thoughts
SMB ports 139 and 445 are vital for Windows networking but can expose systems if misconfigured. If you rely on file sharing, secure these ports with tight firewall rules and strong authentication. If you do not need SMB, disabling it is the safest option.
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
User forum
0 messages