I started to get a Health Monitor Errors Access Permissions > 10 warning a few weeks back that coincided with some memmory and page faults. We have just upgraded the ram from 1GB to 2GB, restarted and not a few minutes after the server came back up we got this warning again (the memmory and page faults have gone).
The decription says:
The number of times opens on behalf of clients have failed with STATUS_ACCESS_DENIED. Can indicate whether somebody is randomly attempting to access files in hopes of getting at something that was not properly protected.
We are running daily updated virus software here, and all the latest SPs.
I've run AdAware with the latest def file, and Trojan Remover which both detected nothing.
What else can I check to get to the root of this warning?
Is there any way I can check where these permission errors are coming from because at the moment I cant tell on what files the errors are occuring.
I'm guessing that there is a computer on my network some where that's got a trojan of some kind running thats scanning the server? Or someone from outside trying to access files on the server through the internet?
I've got no idea of where to start in hunting for this. Any help is very appreciated.