My Data Vault
I have an Active Directory server that is using a constant 18Mbps upload to several servers. I am unable to determine how to stop it without breaking the connections to the Exchange server on premise.
We have attempted to do the following:
Go to Windows Firewall > Inbound Rules > Active Directory Domain Controller - LDAP (UDP-In) and change the connection to "Allow the connection if it is secure"
This stops LSASS.exe from getting out to the internet, and the bandwidth stops, but then users are unable to authenticate to the server, and unable to get e-mails.
We attempted to turn every computer off, including the Exchange server... and the AD is still sending massive data through LSASS.exe.
I confirmed it is the real lsass.exe located in c:\windows\system32\lsass.exe. I used the firewall to prevent it from accessing the internet, but then again all users cannot authenticate and all users cannot open Exchange.
I scanned using Malwarebytes and Symantec 4.1 Corporate Edition... I am at a loss here. Has anyone seen this before?