Disable SMBv1 client driver

Disabling SMBv1 support may prevent access to file or print sharing resources with systems or devices that only support SMBv1.

Potential risk

SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks such as collision and preimage attacks as well as not being FIPS compliant.

Remediation options

Option 1 - Set the following registry value:
HKLM\SYSTEM\CurrentControlSet\Services\mrxsmb10\Start

To the following REG_DWORD value: 4

Option 2 - Set the following Group Policy:
Computer Configuration\Policies\Administrative Templates\MS Security Guide\Configure SMB v1 client driver

To the following value: Enabled\Disable driver