May 03 2019 04:31 AM
Hello Team,
I am using the licensed Windows Defender Security Center.
While seeing a triggered alert one of machine, I saw a section -"Logged on users (last 30 days)"
Which is probably meaning that, "Num of users have logged in a machine".
I amazed when I saw this much number of user logged on a single host. As I asked to user but he replied as no, he is the only who is using to login.
Can anyone suggest, what to investigate in this case? and why this is showing much count?
**Full scan done already.
Sep 26 2019 10:38 AM
@Arpit3655 did you discover the cause?
We are seeing the same thing. Several (10+) network logins from users accounts that we cant explain. Happening on only a few of our machines.
Oct 07 2019 01:00 PM
Nov 08 2019 01:23 PM
@Arpit3655 @bartlettdn
Bumping this. We deployed Azure ATA to suck in AD data for more visibility, however that didn't reveal an answer.
Nov 09 2019 02:17 AM
@Arpit3655can you share what type of users you are seeing? I noticed this in a couple of machines but when you look at the list of users only one was human, and then I had system accounts listed - which kinda makes sense.
Jul 29 2021 01:22 AM