rem Builds and assigns a legacy IPsec policy ("netsh ipsec static") named
rem ShieldDangerousPort that blocks traffic from any source address to this
rem host (dstaddr=me) on TCP and UDP ports 135, 137, 138, 139, 445, 1443, 1444.
rem Run from an elevated (administrator) command prompt.
rem To take the policy out of effect again without deleting it:
rem   netsh ipsec static set policy name=ShieldDangerousPort assign=n
rem NOTE(review): 135/137/138/139/445 carry RPC, NetBIOS and SMB; a host that
rem serves file/print shares or domain services to other machines stops
rem answering them once this is assigned - confirm the host's role first.
rem NOTE(review): the non-ASCII object names below presumably require the .bat
rem file to be saved in the console's code page - confirm on the target system.

rem Remove a policy of the same name left by an earlier run.
rem NOTE(review): only the policy is deleted here; the filter action and filter
rem list created below may survive, so a second run may report that they
rem already exist - verify.
echo 删除同名策略
netsh ipsec static delete policy ShieldDangerousPort

rem Create the empty policy container.
echo 生成策略中
netsh ipsec static add policy name=ShieldDangerousPort

rem Create the filter action (named with the Chinese word for "block") whose
rem action is to drop matching traffic.
echo 建立一个筛选器操作”阻止”
Netsh ipsec static add filteraction name = 阻止 action =block

rem Create the filter list that holds the port filters.
rem NOTE(review): the echoed text calls it the "accessible endpoint list",
rem which does not match the list actually created (ShieldDangerousPortFilter).
echo 建立一个筛选器列表“可访问的终端列表”
Netsh ipsec static add filterlist name = ShieldDangerousPortFilter

rem One filter per port and protocol: TCP first, then the same ports for UDP.
rem NOTE(review): SQL Server's default ports are 1433/tcp and 1434/udp; 1443
rem and 1444 may be a transposition - confirm which ports were intended.
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=445 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=135 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=138 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=137 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=139 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=1443 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=1444 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=445 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=135 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=138 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=137 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=139 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=1443 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=1444 protocol=udp

rem Bind the filter list to the block action inside the policy.
echo 建立策略规则
Netsh ipsec static add rule name =阻止高危端口 Policy =ShieldDangerousPort filterlist =ShieldDangerousPortFilter filteraction = 阻止

rem Assign the policy; nothing is filtered until this step succeeds.
echo 激活策略
netsh ipsec static set policy name = ShieldDangerousPort assign = y

将以上内容保存为批处理文件(.bat),以管理员身份运行即可。封禁的端口为:TCP 和 UDP 的 135、137、138、139、445、1443、1444 端口。

查看445端口是否关闭:
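rem Reports whether anything on this host is bound to local TCP port 445 (IPv4).
rem The pattern is anchored to the local-address column and ends with a space,
rem so "445" inside a PID, a longer port number (e.g. 4450) or the remote side
rem of an outbound connection no longer counts as a match.
rem A packet filter (IPsec policy or firewall rule) does not remove the
rem listener, so this check can still report the port as open while inbound
rem traffic to it is being dropped.
netstat -ano -p tcp | findstr /R /C:"^ *TCP  *[0-9.][0-9.]*:445 " >nul 2>nul && echo 445端口已开启 请尽快关闭端口 并打补丁 || echo 445端口未开启 您可以放心使用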

懒人下载:高危端口关闭.rar