SEVEN.LEGEND // V4
CODES // DATA STREAM
SECURITY CODE & SCRIPTS
Quick Close Vulnerable Ports
BATCH
Quickly close vulnerable ports on Windows 11. Save the file as .bat and run it. *Use at your own risk.
UPLOADED: 2025.10.09
ID: close-windows-ports //
LANG: Batch //
LINES: 42
@echo off
setlocal
set "GROUP=QuickClose_VulnPorts"

:: Must run as Administrator
net session >nul 2>&1 || (echo [!] Run this as Administrator.& pause & exit /b 1)

echo [+] Enabling Windows Firewall (all profiles)...
netsh advfirewall set allprofiles state on >nul

:: netsh "add rule" and "delete rule" do not accept a group= parameter, so the
:: rules are tagged with a "[%GROUP%]" name prefix and replaced by name (see :block).
echo [+] Replacing inbound block rules named "[%GROUP%] ..." (all profiles)...

:: --- File & Printer sharing / legacy Windows services ---
call :block "SMB" TCP 445
call :block "NetBIOS" UDP 137
call :block "NetBIOS" UDP 138
call :block "NetBIOS" TCP 139

:: --- Remote management / admin surfaces ---
call :block "RPC Endpoint Mapper" TCP 135
call :block "WinRM HTTP" TCP 5985
call :block "WinRM HTTPS" TCP 5986

:: --- Remote desktop (blocks both transports) ---
call :block "RDP" TCP 3389
call :block "RDP" UDP 3389

:: --- Name/discovery protocols often abused on LANs ---
call :block "LLMNR" UDP 5355
call :block "mDNS" UDP 5353
call :block "SSDP" UDP 1900

:: --- Legacy services you likely don't need ---
call :block "Telnet" TCP 23
call :block "FTP" TCP 21

echo [✓] Vulnerable/unused inbound ports blocked with rule name prefix "[%GROUP%]".
endlocal
exit /b 0

:block
:: %1 = service label, %2 = protocol, %3 = local port
:: Delete any earlier copy of the rule first so re-running does not create duplicates.
set "RULE=[%GROUP%] Block %~1 (%2 %3)"
netsh advfirewall firewall delete rule name="%RULE%" >nul 2>&1
netsh advfirewall firewall add rule name="%RULE%" dir=in action=block protocol=%2 localport=%3 profile=any >nul || echo [!] Failed to add: %RULE%
exit /b
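A check to run after the batch file, added here as an example and not part of the original upload: it reports, for each port the script targets, whether an enabled inbound block rule exists and whether a service is still listening behind it. The port list and the `[QuickClose_VulnPorts]` name prefix are taken from the script above; the cmdlets are the standard NetSecurity and NetTCPIP ones, and an elevated PowerShell prompt is assumed.

```powershell
# Added verification example (not part of the original script).
# Port list and rule-name prefix are copied from the batch file on this page.
$prefix   = '[QuickClose_VulnPorts]'
$expected = 'TCP/445','UDP/137','UDP/138','TCP/139','TCP/135','TCP/5985','TCP/5986',
            'TCP/3389','UDP/3389','UDP/5355','UDP/5353','UDP/1900','TCP/23','TCP/21'

# Firewall profiles that are still switched off (block rules do nothing there).
$off = Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -ne 'True' }
if ($off) { Write-Warning "Firewall disabled for profile(s): $($off.Name -join ', ')" }

# Enabled inbound block rules whose name carries the script's prefix, flattened
# to "PROTO/port" strings. StartsWith avoids wildcard handling of the [ ] characters.
$blocked = @(
    Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True |
        Where-Object { $_.DisplayName.StartsWith($prefix) } |
        ForEach-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            foreach ($p in $filter.LocalPort) { '{0}/{1}' -f $filter.Protocol, $p }
        }
)

# Ports that still have a local listener: a block rule filters inbound traffic,
# it does not stop the service behind the port.
$tcp = @((Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue).LocalPort)
$udp = @((Get-NetUDPEndpoint -ErrorAction SilentlyContinue).LocalPort)

$report = foreach ($entry in $expected) {
    $proto, $port = $entry -split '/'
    $open = if ($proto -eq 'TCP') { $tcp -contains [int]$port } else { $udp -contains [int]$port }
    [pscustomobject]@{
        Port      = $entry
        BlockRule = $blocked -contains $entry
        Listening = $open
    }
}
$report | Format-Table -AutoSize
```

A row with `BlockRule` False means the rule was never created; a row with `Listening` True means the service is still running and is only filtered, so disabling the service itself is the stronger fix where it is not needed.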