News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Win10 1709 and later are supposed to uninstall SMBv1 if it isn’t used — but 1803 doesn’t work that way

    Posted on July 21st, 2018 at 06:42 woody Comment on the AskWoody Lounge

    Many of you have read about the evils of SMBv1, one of the great Windows malware attack vectors of all time.

    Microsoft fixed much of the problem back with Win10 1709. Here’s the story, with lots of specifics:

    In Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3) and later versions, the Server Message Block version 1 (SMBv1) network protocol is no longer installed by default…

    Windows 10 Home and Windows 10 Professional still contain the SMBv1 client by default after a clean installation. If the SMBv1 client is not used for 15 days in total (excluding the computer being turned off), it automatically uninstalls itself.

    But there’s a catch. Per Ned Pyle, the “uninstall if not used” feature in 1709 doesn’t happen if you do a fresh install of 1803. It also doesn’t happen if you upgrade directly from 1703 to 1803.

    Pyle also says that the latest beta versions of Win10 1809 (or whatever it’ll be called) have the same problem.

    Oh boy.

    Thx @sb

  • Patch lady – Scanners and SMBv1

    Posted on April 16th, 2018 at 01:35 Susan Bradley Comment on the AskWoody Lounge

    So if your older scanner suddenly doesn’t work consider this:  In 1709 if you did an in place upgrade, you retain the SMBv1 in your networking configuration.  However because this is deemed very unsafe (and it is a risk to keep it enabled), Microsoft does a check to see if you are still using it.  “In-place upgrades and Insider flights of Windows 10 Home and Windows 10 Professional do not automatically remove SMB1 initially. If the SMBv1 client or server is not used for 15 days in total (excluding the time during which the computer is off), they each automatically uninstall themselves.”

    So 15 days after SMBv1 on the client is not used, the system will send a dism command to disable SMBv1

    If suddenly your clients (if you are a consultant), or you (if it’s your computer) won’t scan to computer or scan to share, and you are using an older multi function device, go into your Windows 10 1709 and see if you can spot this in your event log in the setup section:

    Event 8

    Initiating changes to turn off update SMB1Protocol-Client of package SMB1-Package. Client id: DISM Package Manager Provider.

    If so, see if your printer/scanner manufacturer has a firmware update to support SMBv2 or SMBv3.  If not, you may need to either purchase a new device, or decide to lower your defenses.  Remember SMBv1 is often used in attacks to gain more rights and more toe-holds into a system and thus distribute ransomware.

    Bottom line if suddenly you can’t scan to a folder, check to see if that device only supports SMBv1 and then decide if you want to risk enabling it.

  • List of problematic SMBv1-only hardware, from NedPyle

    Posted on July 7th, 2017 at 19:31 woody Comment on the AskWoody Lounge

    No doubt you’ve been following the SMBv1 controversy, where an ancient protocol is exposing lots of machines to WannaCry-class malware. You or your company may well have started disabling it.

    Microsoft’s Ned Pyle (@NerdPyle on Twitter) has compiled a lengthy list of hardware that only works with SMBv1. It’s a sobering list.

  • Turn off SMBv1 on Windows, but be aware of the consequences

    Posted on June 30th, 2017 at 18:01 woody Comment on the AskWoody Lounge

    Good series of articles from Barb Bowman, taking normal everyday users through the steps to disable SMBv1, the Windows system utility that put the “cry” in WannaCry.

    The first article explains how to turn it off.

    The second article gives workarounds for common problems with disabling the ancient protocol.