manhattan9305
Copper Contributor
Jun 27, 2021

SMBClient in Event Viewer

Hi there,

I am quite concerned as when looking in my Event Viewer (Windows 10) and looking under Applications and Services, and then SMBClient Connectivity, I am seeing over 9,000 entries dating back to 2019 and at pretty much all times I am running the PC. The event IDs range from 30810, 30811, 30812, and 30813.
Under the general tab, in most cases it says “A TCP/IP binding was added to the specific network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adapter is re-enabled. No user action is required.”
Under name, the entries vary from Local Area Connection* 3, Local Area Connection* 4, Ethernet, WiFi, and \Device\ NETBT_Tcpip
These logs are only for times that I am using the PC.

Local Area Connection* 3, Local Area Connection* 4, Ethernet, WiFi, and \Device\ NETBT_Tcpip are in my Network properties, but it states that they are all not operational and disconnected.

Does this mean that people or someone has been accessing my computer remotely and I haven’t realised? Please help with this, thanks.
  • manhattan9305 

    Hi
    you can disable SMB1 - if you have it still running.
    Control Panel> Windows > SMB1- disable.
    Write if it works!
    Good luck

    • manhattan9305
      Copper Contributor

      Thank you for your reply. The problem is when I look at Control Panel, I don’t see anywhere saying “Windows”. I see “System & Security, Network and Internet, Hardware and Sound, Programs, User Accounts, Appearance and Personalisation, Clock and Region, and Ease of Access”.
      Also, would you be able to explain if those notifications saying SMBClient in my Event Viewer mean that somebody has been remotely accessing the computer? I’m concerned about that, and despite trying to do a lot of research online, I’m still unclear on what this means.

      I’m also seeing events for WMI-Activity and OpenSSH, two things I am not familiar with and don’t really understand.
      Thanks so much for your help, I appreciate it.

      • Deleted

        manhattan9305 

        Of course Windows Features!
        In the control panel it is where - uninstall the program!
        This outdated feature can be disabled!
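
Added example, not part of the thread: the event text quoted in the question says these entries are expected when the computer restarts or a network adapter is re-enabled, so this PowerShell sketch checks how many of the four event IDs fall close to a boot or resume and then reports the SMB1 state the replies mention. The 5-minute window, and treating resume from sleep as an adapter re-enable, are assumptions; run it from an elevated prompt.

```powershell
# Added example: run in an elevated PowerShell prompt on Windows 10.
$ids    = 30810, 30811, 30812, 30813      # event IDs named in the question
$window = [TimeSpan]::FromMinutes(5)      # assumption: what counts as "near" a boot/resume

# SMB client binding events from the log described in the question.
$smb = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-SmbClient/Connectivity'; Id = $ids
} -ErrorAction SilentlyContinue

# Boot (Kernel-General 12) and resume-from-sleep (Power-Troubleshooter 1) times.
$starts = @(
    Get-WinEvent -FilterHashtable @{ LogName = 'System'
        ProviderName = 'Microsoft-Windows-Kernel-General'; Id = 12 } -ErrorAction SilentlyContinue
    Get-WinEvent -FilterHashtable @{ LogName = 'System'
        ProviderName = 'Microsoft-Windows-Power-Troubleshooter'; Id = 1 } -ErrorAction SilentlyContinue
) | ForEach-Object { $_.TimeCreated } | Sort-Object

# The System log may not reach back as far as the SMB client log, so only
# judge SMB events that are newer than the oldest boot/resume record.
$oldest = $starts | Select-Object -First 1
$tagged = foreach ($e in $smb) {
    if (-not $oldest -or $e.TimeCreated -lt $oldest) { continue }
    $near = $starts |
        Where-Object { ($e.TimeCreated - $_).Duration() -le $window } |
        Select-Object -First 1
    [pscustomobject]@{
        Time            = $e.TimeCreated
        Id              = $e.Id
        NearBootOrResume = [bool]$near
        Summary         = ($e.Message -split "`r?`n")[0]
    }
}

# Counts per event ID, split by whether a boot/resume was close by.
$tagged | Group-Object Id, NearBootOrResume | Sort-Object Name |
    Format-Table Count, Name -AutoSize

# Entries that did not line up with a boot/resume, for manual review.
$tagged | Where-Object { -not $_.NearBootOrResume } |
    Select-Object -First 20 | Format-List Time, Id, Summary

# SMB1 state (the feature the replies suggest disabling).
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol |
    Select-Object FeatureName, State
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
```

Entries left in the review list are not by themselves evidence of remote access; manually disabling and re-enabling an adapter, or connecting to a new network, would not appear in the boot/resume records this script reads.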
