How to Disable UPnP on Windows to Reduce Network Risk

What Causes This?

UPnP (Universal Plug and Play) lets devices and apps on your network automatically open ports and create network rules without asking you each time. That convenience can become a security risk if a device, game, app, or malware uses UPnP to expose services to your local network or even the internet through your router. On Windows, related discovery and device-host services can also keep UPnP active when you do not need it.

Common Symptoms

• Devices or apps appear on your network automatically without much setup
• Router ports seem to open on their own for games, media apps, or remote tools
• Security scans report unnecessary open services or exposed ports
• You want a smaller attack surface on a home or office network
• Network discovery features stay enabled even when you do not use them

How to Fix It Manually

1. Turn off Network Discovery in Windows

   1. Press Windows + I to open Settings.
   2. Go to Network & internet.
   3. Click Advanced network settings.
   4. Open Advanced sharing settings.
   5. Under your current network profile, turn Network discovery Off.
   6. If you do not need sharing, also turn File and printer sharing Off.

2. Disable UPnP-related Windows services

   1. Press Windows + R, type services.msc, and press Enter.
   2. In the Services window, find SSDP Discovery.
   3. Double-click it, click Stop, then set Startup type to Disabled.
   4. Click Apply.
   5. Next, find UPnP Device Host.
   6. Double-click it, click Stop, then set Startup type to Disabled.
   7. Click Apply, then OK.

3. Check Windows Defender Firewall rules

   1. Press Windows, type Windows Defender Firewall with Advanced Security, and open it.
   2. Click Inbound Rules in the left pane.
   3. Look for rules related to Network Discovery, SSDP, UPnP, or apps you do not want reachable over the network.
   4. Right-click any unnecessary rule and choose Disable Rule.
   5. Repeat under Outbound Rules if needed.

4. Disable UPnP on your router

   1. Open a web browser and sign in to your router’s admin page. This is often at 192.168.0.1 or 192.168.1.1.
   2. Look for settings named UPnP, Universal Plug and Play, NAT Forwarding, or Advanced.
   3. Turn UPnP Off and save the change.
   4. Restart the router if prompted.
   5. This step matters because even if Windows services are off, your router can still allow automatic port mappings from other devices.

5. Restart your PC and verify

   1. Restart Windows.
   2. Press Ctrl + Shift + Esc to open Task Manager, then check that no app you do not trust is heavily using the network.
   3. If you use a port scanner or your router’s connected-device page, confirm that unnecessary services are no longer exposed.

Fix It Automatically with Kudu

Kudu can help you review network-exposed services, spot unnecessary startup and background components, and reduce risk without digging through multiple Windows menus. If UPnP-related behavior is tied to apps, services, or other system clutter, Kudu makes it faster to identify what should be disabled or cleaned up.

Download Kudu Free →