Hello,
I detect a port scan to multiple internal IP addresses from ntoskrnl.exe on port 445.
Can anyone help me to understand if it's normal behavior or if it may be related to malware activity?
Thank you in advance,
Regards,
Since all asynchronous I/O from different applications/system components will be listed as hosted by that process, it's unclear whether that's normal SMB discovery activity or actually some malware is on the system.
I would say, pay attention to see if another suspicious process is spawned up, or if other abnormal activities are found. If there's none then maybe you can just ignore that.
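One way to act on the advice in the answer above, as an added example that is not part of the original thread: group the kernel-attributed connections on port 445 into bursts, then list the process creations around each burst for manual review. The event layout, field names, thresholds and sample records are all constructed assumptions; map them to whatever your EDR or Sysmon export provides.

```python
# Added example: triage of "port scan on 445 from ntoskrnl.exe" alerts.
# The event layout is hypothetical and the sample records are constructed.
from datetime import datetime, timedelta
from ipaddress import ip_address

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

# Constructed sample: kernel-attributed SMB connections to 12 hosts within
# 22 seconds, plus two process-creation records.
EVENTS = (
    [{"kind": "net", "time": parse("2024-01-01 10:00:00") + timedelta(seconds=2 * i),
      "image": "ntoskrnl.exe", "dst": f"10.0.0.{i + 10}", "port": 445}
     for i in range(12)]
    + [{"kind": "proc", "time": parse("2024-01-01 09:59:30"),
        "image": "C:\\Users\\Public\\example.exe", "parent": "explorer.exe"},
       {"kind": "proc", "time": parse("2024-01-01 08:00:00"),
        "image": "C:\\Windows\\System32\\svchost.exe", "parent": "services.exe"}]
)

def smb_bursts(events, window=timedelta(seconds=60), min_hosts=10):
    """Return (start, end, hosts) for windows where the kernel-attributed
    process reached at least min_hosts distinct private IPs on port 445."""
    conns = sorted((e for e in events if e["kind"] == "net" and e["port"] == 445
                    and e["image"].lower() == "ntoskrnl.exe"
                    and ip_address(e["dst"]).is_private), key=lambda e: e["time"])
    bursts, i = [], 0
    while i < len(conns):
        j = i
        while j < len(conns) and conns[j]["time"] - conns[i]["time"] <= window:
            j += 1
        hosts = {e["dst"] for e in conns[i:j]}
        if len(hosts) >= min_hosts:
            bursts.append((conns[i]["time"], conns[j - 1]["time"], sorted(hosts)))
            i = j  # continue after this burst
        else:
            i += 1
    return bursts

def processes_near(events, start, end, slack=timedelta(minutes=5)):
    """Process creations within slack of the burst: the records to review by hand."""
    return [e for e in events if e["kind"] == "proc"
            and start - slack <= e["time"] <= end + slack]

if __name__ == "__main__":
    for start, end, hosts in smb_bursts(EVENTS):
        print(f"{start} .. {end}: {len(hosts)} hosts on 445")
        for p in processes_near(EVENTS, start, end):
            print("  review:", p["image"], "parent:", p["parent"])
```

A burst with no unusual process activity around it is consistent with ordinary SMB discovery; a burst that lines up with an unfamiliar binary being started is the case worth escalating.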