Forum Discussion

archedmeerkat's avatar
archedmeerkat
Copper Contributor
Jun 21, 2019
Solved

Azure ATP connection closed errors

I am seeing the following error in the Azure ATP Sensor logs in my environment when running net group "Domain Admins" /domain from member workstations. I do not see the correlated event of a user que...
  • EliOfek's avatar
    EliOfek
    Aug 15, 2019

    archedmeerkat 

    Engineering has researched the sampled capture ans managed to reproduce the issue.
    Sadly, this is not an easy fix, it's a specific traffic/rare traffic on top of SMB1 we were not aware of before and currently cannot parse.
    We have opened a bug for it.
    It is planned but in low priority for now as telemetry shows it happens rarely.
    We will update once we get it resolved so the fix can be verified.
archedmeerkat's avatar
archedmeerkat
Copper Contributor
Aug 16, 2019

EliOfek 

 

Have only seen this in our lab so far, so I think the impact is currently pretty low for us.

EliOfek's avatar
EliOfek
Icon for Microsoft rankMicrosoft
Aug 16, 2019

archedmeerkat , Yes, I figured so as telemetry showed it is rare as well, I assume not too many people use protocols on top of SMB1 anymore which is good 🙂

Resources