Oct 23 2023 06:23 AM
NTLM over RPC:
- Check that TCP Port 135 is open for inbound communication from Defender for Identity Sensors, on all computers in the environment.
- Check all network configuration (firewalls), as this can prevent communication to the relevant ports.
NetBIOS:
- Check that UDP Port 137 is open for inbound communication from Defender for Identity Sensors, on all computers in the environment.
- Check all network configuration (firewalls), as this can prevent communication to the relevant ports.
RDP:
- Check that TCP Port 3389 is open for inbound communication from Defender for Identity Sensors, on all computers in the environment.
- Check all network configuration (firewalls), as this can prevent communication to the relevant ports.
all [trusted organisational Windows] computers in the environment
Oct 23 2023 10:18 AM
SolutionDon't use the exclusions for this, as it would exclude the detections for that IP range.
We have an option to exclude an IP and/or range from NNR.
But you'll need to open a support ticket for that, as it's something that needs to be configured in the backend.
Oct 23 2023 10:18 AM
SolutionDon't use the exclusions for this, as it would exclude the detections for that IP range.
We have an option to exclude an IP and/or range from NNR.
But you'll need to open a support ticket for that, as it's something that needs to be configured in the backend.