I've got an interesting software configuration (Alfresco CIFS) that requires me to block access to the Windows SMB port for proper operation. I tried adding a new inbound firewall rule at the top that blocks 445/tcp, but it seems to be ignored. If I try to edit the preexisting Windows SMB rule, I'm unable to, due to a "This rule has been applied by the system administrator and cannot be modified" message. I am the system administrator and am running this as an escalated process... What's the best (or any workable) way to block 445/tcp on Windows Server 2012 R2 Datacenter?
- May want to check either Group Policy or local Security policy to see if that port is opened by either of those. – Get-HomeByFiveOClock Sep 26 '14 at 19:39
- No policies applied that involve the firewall. – Brian Knoblauch Sep 29 '14 at 13:40
- That is indeed strange then!? Are you sure an explicit DENY rule on the firewall doesn't block it? Windows Firewall should evaluate DENY rules before the ALLOWs ([see](http://technet.microsoft.com/en-us/library/cc755191(v=ws.10).aspx)). Another option is to block it later (after passing through the Windows firewall) with your anti-virus, given that your particular antivirus software will allow you to block individual ports. – Get-HomeByFiveOClock Sep 29 '14 at 14:41
- I just had another thought. I blocked 445/TCP on IPv6 and IPv4. I wonder if Alfresco only listens on 135 on IPv4? Clients normally try IPv6 first, and if Alfresco isn't overriding that too, Windows would snag it... – Brian Knoblauch Sep 29 '14 at 14:47
2 Answers
I'm having the same problem. I can actually disable the 445 in rules. I can also set them to block, as well as the explicit block rule. I'm suspecting there is something working differently in 2012 than 2008. I gave my host a different name, disabled the Alfresco SMB server, and I can still enumerate default file shares on the host (admin$, C$, Z$). It shouldn't give me anything back when I'm querying //alfresco instead of the real name of the server... With Wireshark I can see the client trying to use 445, failing a few times and then falling back to port 139.

What seems to work is disabling Windows file and print sharing on the network interface (network control panel, select interface, properties, untick file and printer sharing). I still can't get the CIFS authentication with AD to work, but at least the attempt is hitting the right engine now!

I found the solution for my problem.

The problem is a virus:
https://vms.drweb.com/virus/?i=15346534&lng=en

To find the problem:

```
C:\Windows\system32>netsh ipsec static show policy all
Policy Name : qianye
Description : NONE
Last Modified : 14-12-2019 19:08:13
Assigned : YES
Master PFS : NO
Polling Interval : 180 minutes
No. of policies : 1
```

The solution:

```
C:\Windows\system32>netsh ipsec static delete policy name=qianye
```
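The three places this thread ends up looking (firewall rules for 445 and where they come from, an assigned legacy IPsec policy, and the File and Printer Sharing binding on the adapter) can be audited in one pass. This is an added example, not code from either answer; the rule name is made up and the script only reports the IPsec policy rather than deleting it, so you can compare it with the output above before acting.

```powershell
# Added audit script (not from the original answers). Run from an elevated
# PowerShell prompt on Windows Server 2012 R2 or later.
$Port     = 445
$RuleName = 'Block inbound SMB 445 (example name)'   # assumed, not a built-in rule

# 1. Every firewall rule whose port filter covers TCP/445, with its origin.
#    PolicyStoreSource = GroupPolicy explains the "applied by the system
#    administrator and cannot be modified" message from the question.
Write-Host "== Firewall rules touching TCP/$Port =="
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$Port" -or $_.LocalPort -contains 'Any' } |
    Get-NetFirewallRule |
    Select-Object DisplayName, Enabled, Direction, Action, Profile, PolicyStoreSource |
    Format-Table -AutoSize

# 2. Legacy IPsec static policies: the second answer's case. An assigned
#    policy filters traffic before the firewall rule list is consulted.
Write-Host "== Assigned IPsec static policies =="
$ipsec = netsh ipsec static show policy all
$ipsec | Select-String 'Policy Name|Assigned'
if ($ipsec -match 'Assigned\s*:\s*YES') {
    Write-Warning 'An assigned IPsec static policy exists; review it before removing it with netsh ipsec static delete policy name=<name>'
}

# 3. Is File and Printer Sharing (ms_server) still bound on any adapter?
#    This is what the first answer unticked in the adapter properties.
Write-Host '== File and Printer Sharing bindings =='
Get-NetAdapterBinding -ComponentID ms_server |
    Format-Table Name, DisplayName, Enabled -AutoSize

# 4. Add an explicit inbound block rule once, for all profiles. Among firewall
#    rules, Block wins over Allow, but it cannot override an IPsec policy or a
#    GPO-delivered allow; steps 1 and 2 show which of those is in play.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
        -Protocol TCP -LocalPort $Port -Profile Any -Enabled True | Out-Null
    Write-Host "Created rule '$RuleName'"
}

# 5. Verify from ANOTHER host, not from the server itself (the Windows firewall
#    does not filter loopback traffic). Test both address families, since the
#    comments note that clients try IPv6 before IPv4:
#    Test-NetConnection -ComputerName <server-ipv4> -Port 445
#    Test-NetConnection -ComputerName <server-ipv6> -Port 445
```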