disable lateral movement path detection

Is it possible to disable lateral movement path detection ? I just discovered a lot of outging TCP-Connections to TCP-Port 135 in state TIME_WAIT. Event-ID 4227 is logged in System Event log from time to time. I assume this is realted to SAM-R request in context of lateral movement path detection.

EliOfek
Mar 12, 2020
cscherb Yes, contact support to verify this is indeed the cause, and if decision is to disable it, the support engineer can provide you with a script that will disable this feature, but in general you shouldn't see any problem with it.

4 Replies

cscherb
Copper Contributor
Mar 12, 2020
Just to be shure: Request to remote SAM are done by ATA Lightweight Gateway and not bei ATA Center ?
- EliOfek
  Microsoft
  Mar 12, 2020
  cscherb Correct
EliOfek
Microsoft
Mar 12, 2020
cscherb Yes, contact support to verify this is indeed the cause, and if decision is to disable it, the support engineer can provide you with a script that will disable this feature, but in general you shouldn't see any problem with it.
- cscherb
  Copper Contributor
  Mar 12, 2020
  Thanks lot for your quick response !

Forum Discussion

disable lateral movement path detection

4 Replies

Resources