question

selim-5773 avatar image
0 Votes"
selim-5773 asked cheong00 commented

Port Scan on port 445 from ntoskrnl.exe

Hello,

I detect a port scan to multiple internal IP adress from ntoskrnl.exe on port 445.
Can anayone help me to understand if it's a normal bahvior or if it may related to a malware activity ?

Thank you in advance,
Regards,

windows-10-network
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Since all asynchronous I/O from different applications/system components will be listed as hosted by that process, it's unclear whether that's normal SMB discovery activity or actually some malware is on the system.

I would say, pay attention to see if another suspicious process is spawned up, or if other abnormal activities are found. If there's none then maybe you can just ignore that.

0 Votes 0 ·

0 Answers