There are known vulnerabilities based on WinRM and it's best practice to disable WinRM.
At registry key path HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service
Set registry key "AllowAutoConfig" to 0. Create it if does not exist.
Or if remote management is not needed, stop and disable service "Windows Remote Management (WS-Management)"