We have a Windows 7 home edition desktop on our network with Symantecs Cloud Installed that keeps getting at least once a day the following and I am trying to resolve whether the machine infected or something. Full Scan/quick scans didn't find anything.
Attacker Port changes but destination stays at 445 as if the machine keeps targeting itself.
OS Attack: Microsoft SMB MS17-010 Disclosure Attempt Risk Level | High Attacker Computer PCNAME (192.168.2.199:63898) Destination Computer PCNAME (192.168.2.199:445) Protocol TCP Attack Signature N/A Attack URL N/A Targeted Application N/A Status Blocked Action No Action Required Date & Time 2/26/2018 9:22 AM
Edited by MasterNe0, 26 February 2018 - 12:57 PM.