>>Hi,
>>
>>I receive this message from a customer who runs my application. The application is using SQL Server and the application cannot connect to the SQL Server. I think something to do with ODBC driver. But here is the message:
>>

>>With the release of Windows 10 version 1803, Microsoft added something to their Windows Defender component that
>>cannot be disabled directly which actively blocks all network communication attempts from any applications being 
>>run from a SMB 1.X network share.  
>>

>>
>>Which means that they cannot run my application from this share. Frankly I don't understand what is "SMB 1.X". Could someone please explain? Anyone else is having this issue with their application?
>
>"SMB 1.x" refers to Server Message Block (SMB) version 1 network protocol. This was used for Microsoft networking up to and including Windows XP/Server 2003.
>
>Windows Vista/Server 2008 introduced SMB2 (2.x). The latest version is SMB3 (3.x).
>
>There are a lot of security and other problems with SMB1: https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/ . That link also discusses a few edge cases where you may legitimately still need to use it.
>
>Microsoft has deprecated it, and it is no longer installed/enabled by default in Windows 10 1709 and later: https://support.microsoft.com/en-ca/help/4034314/smbv1-is-not-installed-by-default-in-windows . This is probably the issue your customer is seeing, rather than something with Defender. I could not find anything about Defender blocking SMB1.
>
>As you've no doubt seen, there have been several threads over the years discussing problems with VFP apps and SMB2 and later, and how to work around them. In the early days (i.e. Windows Vista/2007 or so) the "quick and dirty" "fix" was to disable SMB2, forcing workstations to fall back to SMB1. That practice is now highly discouraged; increasingly, various Windows services and components rely on SMB2 or later. In order to address the issues of VFP with SMB2, the current recommendation is to leave SMB2+ enabled, but make some Registry settings per http://www.alaska-software.com/community/smb2.cxp .
>
>If, somehow, SMB2 has been disabled on Windows 10, and Windows 10 has been upgraded to version 1709 or later, it may be possible that no SMB version is available, since SMB1 may no longer be present as a fallback for the disabled SMB2+. That might explain why a machine can't connect to network shares or other network resources (e.g. SQL Server) via SMB. If that's the case, any registry or Group Policy changes made to disable SMB2+ will need to be rolled back.
>
>As an alternative, SMB1 can be manually installed/enabled on the most recent versions of Windows 10: https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and
>
>But, you should not need to do this:
>
>- SMB2+ works fine as a network protocol for a workstation to be able to find and connect to SQL Server
>- On the SQL Server, the firewall must allow incoming connections to SQL Server (this should not have changed)
>- On the SQL Server host, the SQL Server Browser Service usually is configured to start with SQL Server. This service helps network clients find the SQL Server instance, especially if it's a named instance rather than the default instance name. This also should not have changed
>- I haven't heard of any issues with ODBC drivers following a Windows 10 feature upgrade, but I suppose it's not impossible
>
>So, SMB1 is not necessary for a VFP app to connect to a SQL Server instance, and hasn't been for 10 years or so. If a network environment is still relying on SMB1, in most cases it should immediately be reconfigured to remove SMB1 and use SMB2+, per the article above discussing why SMB1 is bad.

Al, thank you very much for the detailed explanation of the SMB technologies/issues.

As I mentioned to Martina, the client is planning to move the app to the Server 2016. How soon, I don't know. They moved the EXE to the local drives on all computers. Which present a problem for me as far as applying updates/patches to the EXE.