Forum Discussion

Copper Contributor

Jun 21, 2019

Solved

Azure ATP connection closed errors

I am seeing the following error in the Azure ATP Sensor logs in my environment when running net group "Domain Admins" /domain from member workstations. I do not see the correlated event of a user que...

EliOfek
Aug 15, 2019
archedmeerkat

Engineering has researched the sampled capture ans managed to reproduce the issue.

Sadly, this is not an easy fix, it's a specific traffic/rare traffic on top of SMB1 we were not aware of before and currently cannot parse.

We have opened a bug for it.

It is planned but in low priority for now as telemetry shows it happens rarely.

We will update once we get it resolved so the fix can be verified.

archedmeerkat

Copper Contributor

Aug 01, 2019

EliOfek

I've sent the case number over in a private message, but wasn't sure how to add you to the case. I'll see if I can have that done shortly.

EliOfek

Microsoft

Aug 15, 2019

archedmeerkat

Engineering has researched the sampled capture ans managed to reproduce the issue.

Sadly, this is not an easy fix, it's a specific traffic/rare traffic on top of SMB1 we were not aware of before and currently cannot parse.

We have opened a bug for it.

It is planned but in low priority for now as telemetry shows it happens rarely.

We will update once we get it resolved so the fix can be verified.

EliOfek
Microsoft
Aug 16, 2019
archedmeerkat , Yes, I figured so as telemetry showed it is rare as well, I assume not too many people use protocols on top of SMB1 anymore which is good 🙂
archedmeerkat
Copper Contributor
Aug 16, 2019
EliOfek

Have only seen this in our lab so far, so I think the impact is currently pretty low for us.