topic OneAgent v1.277.165 on Win Srv 2019 v1809 generates thousands of logins to 445 SMB in Open Q&A https://community.dynatrace.com/t5/Open-Q-A/OneAgent-v1-277-165-on-Win-Srv-2019-v1809-generates-thousands-of/m-p/230378#M29868 <P>Hello.</P><P>On a Windows box A (<SPAN>Windows Server 2019 Version 1809 OS Build 17763.5122</SPAN>), we upgraded OneAgent from&nbsp;<SPAN>1.271.135.20230810-115019 to 1.277.165.20231024-150054 : we get thousands of network attempted logins from box A, with many local technical users, and many Active Directory recently connected users, to many Windows&nbsp; targets machines on port 445 (SMB). Some times thousands per minute. Also toward Unix boxes. It is not constant. Happens some times for hour, sometime&nbsp;for minutes. It triggers alerts here. And stopped us to deploy this version on the parc.</SPAN></P><P><SPAN>When we stop or rollback OneAgent : no problem any more.<BR />We tried intermédiate version :&nbsp;1.275.146.20231002-095820 : looks like no problem in that case.<BR />We also tried latest OA version :&nbsp;1.277.196 : same problem.</SPAN></P><P><SPAN>Looks like brute force attack. Maybe attempting vulnerabilities exploit ?</SPAN></P><P><SPAN>Any one exposed to that ? Any known solutions ?</SPAN></P><P><SPAN>Regards.</SPAN></P><P><SPAN>--</SPAN></P><P>Tickets ref:<BR />Dynatrace:&nbsp;250650<BR />Private internal: Jira&nbsp;DEVOPS-15019</P> Thu, 30 Nov 2023 08:58:03 GMT gilles_tabary 2023-11-30T08:58:03Z OneAgent v1.277.165 on Win Srv 2019 v1809 generates thousands of logins to 445 SMB https://community.dynatrace.com/t5/Open-Q-A/OneAgent-v1-277-165-on-Win-Srv-2019-v1809-generates-thousands-of/m-p/230378#M29868 <P>Hello.</P><P>On a Windows box A (<SPAN>Windows Server 2019 Version 1809 OS Build 17763.5122</SPAN>), we upgraded OneAgent from&nbsp;<SPAN>1.271.135.20230810-115019 to 1.277.165.20231024-150054 : we get thousands of network attempted logins from box A, with many local technical users, and many Active Directory recently connected users, to many Windows&nbsp; targets machines on port 445 (SMB). Some times thousands per minute. Also toward Unix boxes. It is not constant. Happens some times for hour, sometime&nbsp;for minutes. It triggers alerts here. And stopped us to deploy this version on the parc.</SPAN></P><P><SPAN>When we stop or rollback OneAgent : no problem any more.<BR />We tried intermédiate version :&nbsp;1.275.146.20231002-095820 : looks like no problem in that case.<BR />We also tried latest OA version :&nbsp;1.277.196 : same problem.</SPAN></P><P><SPAN>Looks like brute force attack. Maybe attempting vulnerabilities exploit ?</SPAN></P><P><SPAN>Any one exposed to that ? Any known solutions ?</SPAN></P><P><SPAN>Regards.</SPAN></P><P><SPAN>--</SPAN></P><P>Tickets ref:<BR />Dynatrace:&nbsp;250650<BR />Private internal: Jira&nbsp;DEVOPS-15019</P> Thu, 30 Nov 2023 08:58:03 GMT https://community.dynatrace.com/t5/Open-Q-A/OneAgent-v1-277-165-on-Win-Srv-2019-v1809-generates-thousands-of/m-p/230378#M29868 gilles_tabary 2023-11-30T08:58:03Z Re: OneAgent v1.277.165 on Win Srv 2019 v1809 generates thousands of logins to 445 SMB https://community.dynatrace.com/t5/Open-Q-A/OneAgent-v1-277-165-on-Win-Srv-2019-v1809-generates-thousands-of/m-p/237232#M31095 <P>Turns out</P><P>- it can be mitigated by excluding network disk monitoring&nbsp;</P><P>&nbsp;</P><LI-CODE lang="java">Operating system: 'Windows', name: ''\\*\*' Operating system: 'Windows', name: '\\*'</LI-CODE><P>&nbsp;</P><P>- support says "we found a bug"</P> Thu, 15 Feb 2024 12:08:57 GMT https://community.dynatrace.com/t5/Open-Q-A/OneAgent-v1-277-165-on-Win-Srv-2019-v1809-generates-thousands-of/m-p/237232#M31095 gilles_tabary 2024-02-15T12:08:57Z