SOLVED

disable lateral movement path detection

New Contributor

Is it possible to disable lateral movement path detection? I just discovered a lot of outgoing TCP connections to TCP port 135 in state TIME_WAIT. Event ID 4227 is logged in the System event log from time to time. I assume this is related to SAM-R requests in the context of lateral movement path detection.

4 Replies
Best Response confirmed by cscherb (New Contributor)
Solution

@cscherb Yes, contact support to verify this is indeed the cause, and if the decision is to disable it, the support engineer can provide you with a script that will disable this feature, but in general you shouldn't see any problem with it.

Thanks a lot for your quick response!

Just to be sure: Requests to remote SAM are done by ATA Lightweight Gateway and not by ATA Center?

@cscherb Correct