News

Blocking port 445 - why and how

Port 445 is used by newer (post-2000) versions of SMB and has recently (2022/23) become an increasing hazard, attracting ransomware and hackers. The issue is not the usual one of stopping traffic entering a network, but rather blocking traffic on 445 leaving the LAN, where a client can be tricked into connecting to a toxic source on a remote network.

See this note from Microsoft, and this one on the 'WannaCry' ransomware product. The relevant CERT note is here. [Note this is not a new thing.]

Actually, unless one needs SMB file and print sharing across the Internet - and trust me, you really don't - then blocking port 445 both inbound and outbound is a good idea.

So set up your perimeter firewall to block 445 using whatever filter system it offers.

But how do you test that you are really blocking 445 traffic?

Well, syslog can be used to see whether any 445 packets are escaping, but a more proactive solution is to use portquiz.net. This 'responds to everything' echo server, used together with telnet, lets you be confident that 445 traffic can't escape.
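The two checks described above, scripted as an added example (not part of the original post): a live probe of portquiz.net on 445 and 443 using nc in place of telnet, and a count of blocked versus passed 445 connections in firewall syslog lines. It assumes nc (OpenBSD or GNU netcat) and awk are available; the log line format and addresses are constructed for illustration, not the Draytek 3910's actual format.

```shell
#!/bin/sh
# Added example: verify an outbound TCP/445 block two ways.
# 1) probe an echo host that answers on every port (portquiz.net);
# 2) count blocked vs. passed 445 connections in syslog lines.
# Requires nc (OpenBSD/GNU netcat) and awk.

ECHO_HOST="${ECHO_HOST:-portquiz.net}"

# probe_port HOST PORT -> prints open/blocked; returns 0 if the connect succeeded
probe_port() {
    if nc -z -w 3 "$1" "$2" >/dev/null 2>&1; then
        printf 'port %s: open\n' "$2"
        return 0
    fi
    printf 'port %s: blocked\n' "$2"
    return 1
}

# egress_check: 445 must fail while 443 still works; returns 0 only then
egress_check() {
    probe_port "$ECHO_HOST" 445 && return 1   # 445 got out: rule missing
    probe_port "$ECHO_HOST" 443 || return 1   # 443 failed: general outage
    return 0
}

# syslog_445: read firewall log lines on stdin, report how many
# connections to a remote port 445 were blocked and how many passed.
syslog_445() {
    awk '
        / -> [0-9.]+:445( |$)/ {
            if ($0 ~ /Block/) b++; else if ($0 ~ /Pass/) p++
        }
        END { printf "blocked=%d passed=%d\n", b+0, p+0 }
    '
}

# Constructed sample log lines (hypothetical format, documentation-range IPs)
SAMPLE_LOG='Jun 12 10:01:02 router firewall: Block TCP 192.168.1.10:51234 -> 203.0.113.5:445
Jun 12 10:01:03 router firewall: Pass TCP 192.168.1.10:51235 -> 203.0.113.5:443
Jun 12 10:01:05 router firewall: Block TCP 192.168.1.22:49160 -> 198.51.100.9:445
Jun 12 10:01:09 router firewall: Pass TCP 192.168.1.22:49161 -> 198.51.100.9:445'

# Usage:  printf '%s\n' "$SAMPLE_LOG" | syslog_445    # blocked=2 passed=1
#         egress_check && echo "445 blocked, 443 open"
```

A non-zero passed count in the syslog summary means some host on the LAN reached port 445 on a remote address, which is exactly the traffic the firewall rule should be stopping.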

[Image: Syslog showing port 445 traffic being blocked]

[Image: Firewall rule to block 445 on Draytek 3910]

[Image: Left black window shows 445 being blocked, right blue window shows 443 (https) traffic being passed]
