Windows 10 Enterprise Connecting To Numerous(100+) Peer Clients CIFS(port 445) RRS feed

  • Question

  • We have recently started to receive a ton of alerts every hour from ATA due to abnormal behavior where by a Windows 10 Host(just about every windows 10 host on the network) Would connect to between 30-40 computers at a time on the same segment in approximately 1 hour give or take a few minutes.

    Looking at the security logs on all destination computers I can see the source domain user log in and then a few second later log out even if the source domain user does not have access to any of the destination computers.  This activity timestamp matches the CIFS connection timestamps.

    Can someone please enlighten me as to why this is happening or what new feature(s) in Windows 10 Enterprise is causing this activity?

    • Edited by Lyn Dan Thursday, May 17, 2018 1:59 PM
    Thursday, May 17, 2018 1:57 PM

All replies

  • Hi,

    It seems related to the SMB. What kind of SMB are you using? 2.0, 3.0?

    Also you could check if it caused by the NTuser.dat file in the default profile folder.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Friday, May 18, 2018 3:10 AM