ATA & Win10

Haim Behar · ‎Aug 26 2018

Hi,

Is there any known issues with Win10 stations & f/p alerts on "Reconnaissance using Directory Services queries ?

I know about the CIFS (445/tcp) “Suspicion of identity theft based on abnormal behavior” and Win10 WUDO..

10x, Haim.

Tali Ash · ‎Aug 26 2018

Hi Haim,

There is no known issue with Win10. What do you experience?

Thanks,

Tali

Haim Behar · ‎Aug 26 2018

Hi Tali,

We have numerous "Reconnaissance using Directory Services queries" from different Win10 :

Windows 10 Pro, 10.0 (16299)

Windows 10 Pro, 10.0 (15063)

Windows 10 Pro, 10.0 (10586)

Windows 10 Pro, 10.0 (14393)

Some started just after the computer was installed via corporate image.

Haim Behar · ‎Aug 26 2018

Hi Tali,

We have numerous "Reconnaissance using Directory Services queries" from different Win10 :

Windows 10 Pro, 10.0 (16299)
Windows 10 Pro, 10.0 (15063)
Windows 10 Pro, 10.0 (10586)
Windows 10 Pro, 10.0 (14393)

Some started just after the computer was installed via corporate image.

Tali Ash · ‎Aug 26 2018

Hi Haim,

There are a lot of machines that generate SAMR queries, therefore we have a learning period to learn the normal behavior. I guess that in a few weeks from now after we will learn it behavior we will stop alert. If you are sure it is FP you can Suppress the alert.

Which devices are they? Lenovo? We know that Lenovo devices might generate SAMR queries and cause FP until we learn it.

Thanks,

Tali

Haim Behar · ‎Aug 26 2018

Why do machines generate SAMR queries ? which process initiate it ?
I think learning period is quite over because ATA is present for almost two years..
Gonna check if Lenovo is relevant.

ATA & Win10

ATA & Win10

Re: ATA & Win10

Re: ATA & Win10

Re: ATA & Win10

Re: ATA & Win10

Re: ATA & Win10

Products (76)

Special Topics (42)

Video Hub (747)

Most Active Hubs

Most Active Hubs

Video Hub

ATA & Win10

ATA & Win10

Re: ATA & Win10

Re: ATA & Win10

Re: ATA & Win10

Re: ATA & Win10

Re: ATA & Win10