Thursday, April 22, 2021

MS-KMS & MSRPC-BASE flagged by Palo Alto

Hi guys,

Maybe you can assist with an issue that I'm currently experiencing.

I have two devices that have the two protocols flagged and blocked by the FW.

Although in theory I understand what triggers the two protocols, I have no actual idea what the issue might be or what to check to see if there has been an actual breach or not.

The protocols are flagged as continuously trying to target some IPs (probably servers?) that belong to private intranets.

I have checked on the Windows machines if there are any MS products that might need activating (for KMS) and found nothing.

Only issue for one user was that Teams apparently wasn't able to send messages for a short while yesterday, but has since been working.

Thanks for your help!


