A vulnerability scan reports that TCP port 445 on a Windows Server 2022 fileserver is reachable from the public Internet, even though company policy states that only HTTPS (TCP 443) should be exposed externally. Internal users still must map network drives to the server. Which action is the MOST appropriate first step to troubleshoot and remediate this open-port security issue?
Add a deny rule on the perimeter or host firewall that blocks inbound TCP 445 traffic from untrusted networks.
Remove the server's host-A record from external DNS zones.
Apply the latest cumulative Windows security updates to the server.
Stop or disable the Server (LanmanServer) service on the Windows host.
Because the undesirable exposure is occurring at the network perimeter, the quickest non-intrusive fix is to block inbound TCP 445 on the edge or host firewall while you investigate why the rule was missing. Doing so immediately removes external attack surface yet leaves the SMB service available to internal clients. Disabling the Server (SMB) service would break legitimate file-share access, applying patches does not close an already permitted port, and deleting the DNS record would not prevent direct-IP connections to the open port.