Anti-virus can't stop the attack. The attacking software connects directly to the vulnerable service and all that anti-virus does is stop execution of downloaded malware, clicking on attachments, etc. The only way to stop the attack is to stop incoming connections with a firewall. Windows firewall will do it, either stopping all incoming connections or just port 139 which has the vulnerability. You can also turn off SMB v1 compatability which stops it. Or apply the patch. I never patch so I have to do one of the other things to stop it.
..........just saw this this Sunday morning!
What my tech guy told me to do is just “turn it off” and it will go away. In my case, this threat was precisely known to him and all IT guys/gals. Namely, the culprits put a window saying EMERGENCY...........call Microsoft. Well, I bit and called the number. They sounded totally legit and even with background noise etc etc. But they were not Microsoft. They were crooks.