Hardening a file-serving Windows Server 2019 instance

First of all, reinstall the server, because :

1. This one might be compromised and can't be trusted anymore.
2. Windows is secure by default, and maybe someone lowered the security settings of your server, hard to tell if there are no documentation.

You can take a look at this canonical question: How do I deal with a compromised server?

Check the Windows Security Baselines too, Microsoft updates them regularly.

About the firewall rules, you can export them first :

If you don't need RDP, remote management, remote powershell,... it's safe to disable or delete the default rules (ensure you can access the VM console first, if you remove everything you won't be able to connect using RDP) and create the rules that you need.