They don't. However, it takes one laptop user to bring it in and it will take down the whole internal network if there are not multiple firewalls and complex protection systems. It is waaay harder than just blocking it at the router.
Secondly, port 445 does have a legitiate use: Microsoft Directory Services. You can block this from the net, but you can't just block it on your internal network as it is vital for Windows networking to function.