phreesia
asked on
Security Auditing
Experts,
I normally check out my event viewer to monitor security activities. Suddenly I noticed that all security events are gone except Event ID: 517. This event clearly indicates that the audit log was cleared. I am finding this very suspicious. Does this mean that someone deliberately cleared the audits, or does it have anything to do with the domain policy? How can I prevent this, and how can I retrieve the old audits?
Event:
Date: 6/21/2005
Category: System Event
Type: Success A
Event ID: 517
User: NT AUTHORITY\SYSTEM
Computer: swfactory
Also, why is the date set to 2005? And this computer name does not exist in the domain.
Please advise. Thanks
ASKER
We actually do have access points in place. They are secure and configured with WPA, PSK. I am not familiar with F-Secure BlackLight or Sysinternals Rootkit Revealer. Are these third-party utilities?
ASKER
The RootkitRevealer looks interesting. I just scanned and got these results:
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed
HKLM\SOFTWARE|Microsoft\Windows NT\CurrentVerssion\Prefetcher\TracesProcessed
\TracesSuccessful
\LastTraceFailure
C:\\WINDOWS\Temp\Perfib_Perfdata_179c.dat
C:\\WINDOWS\Temp\Perfib_Perfdata_lea4.dat
What should I understand from this?
ASKER
I don't see anything in Autorun; however, netstat came back with a big list. Is it okay to post it? I am not familiar with the list.
ASKER
Active Connections
Proto Local Address Foreign Address State PID
TCP Bobby:ftp Bobby.phreesia.net:0 LISTENING 1324
[inetinfo.exe]
TCP Bobby:smtp Bobby.phreesia.net:0 LISTENING 1324
[inetinfo.exe]
TCP Bobby:http Bobby.phreesia.net:0 LISTENING 1324
[inetinfo.exe]
TCP Bobby:epmap Bobby.phreesia.net:0 LISTENING 1028
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]
TCP Bobby:https Bobby.phreesia.net:0 LISTENING 1324
[inetinfo.exe]
TCP Bobby:microsoft-ds Bobby.phreesia.net:0 LISTENING 4
[System]
TCP Bobby:1052 Bobby.phreesia.net:0 LISTENING 1324
[inetinfo.exe]
TCP Bobby:1058 Bobby.phreesia.net:0 LISTENING 2060
[DLPWDNT.EXE]
TCP Bobby:1984 Bobby.phreesia.net:0 LISTENING 1128
[bbntd.exe]
TCP Bobby:2002 Bobby.phreesia.net:0 LISTENING 492
[LogMeIn.exe]
TCP Bobby:3389 Bobby.phreesia.net:0 LISTENING 980
-- unknown component(s) --
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]
TCP Bobby:3773 Bobby.phreesia.net:0 LISTENING 1556
[sqlservr.exe]
TCP Bobby:5494 Bobby.phreesia.net:0 LISTENING 2148
[MCDeplSvr.exe]
TCP Bobby:10000 Bobby.phreesia.net:0 LISTENING 1756
[beremote.exe]
TCP Bobby:1085 Bobby.phreesia.net:0 LISTENING 3172
[alg.exe]
TCP Bobby:netbios-ssn Bobby.phreesia.net:0 LISTENING 4
[System]
TCP Bobby:netbios-ssn Bobby.phreesia.net:0 LISTENING 4
[System]
TCP Bobby:netbios-ssn Bobby.phreesia.net:0 LISTENING 4
[System]
TCP Bobby:1127 localhost:2002 ESTABLISHED 4016
[LogMeInSystray.exe]
TCP Bobby:2002 localhost:1127 ESTABLISHED 492
[LogMeIn.exe]
TCP Bobby:microsoft-ds 192.168.2.52:2044 ESTABLISHED 4
[System]
TCP Bobby:1079 wr-in-f189.google.com:https ESTABLISHED 2332
[IEXPLORE.EXE]
TCP Bobby:1179 192.168.2.52:netbios-ssn ESTABLISHED 4
[System]
TCP Bobby:1879 ares.phreesia.net:microsoft-ds ESTABLISHED 4
[System]
TCP Bobby:1952 kc-in-f125.google.com:5222 ESTABLISHED 3776
[googletalk.exe]
TCP Bobby:2970 [IP].[IP].[IP].[IP]:https ESTABLISHED 492
[LogMeIn.exe]
TCP Bobby:3167 192.168.2.54:3389 ESTABLISHED 2924
[mstsc.exe]
TCP Bobby:3622 192.168.2.231:http ESTABLISHED 624
[CommLoader.exe]
TCP Bobby:1042 wwwbaytest1.microsoft.com:http CLOSE_WAIT 8052
[OUTLOOK.EXE]
TCP Bobby:1060 eo-in-f103.google.com:http CLOSE_WAIT 2688
[GoogleToolbarNotifier.exe]
TCP Bobby:1186 na3-api-sjl.salesforce.com:https CLOSE_WAIT 8052
[OUTLOOK.EXE]
TCP Bobby:1793 he-in-f100.google.com:http CLOSE_WAIT 3776
[googletalk.exe]
TCP Bobby:3617 localhost:1984 TIME_WAIT 0
TCP Bobby:3618 localhost:http TIME_WAIT 0
TCP Bobby:3619 localhost:1984 TIME_WAIT 0
TCP Bobby:3615 192.168.2.231:http TIME_WAIT 0
TCP Bobby:3626 66-151-150-190.expertcity.com:https TIME_WAIT 0
TCP Bobby:3627 66-151-115-190.expertcity.com:https TIME_WAIT 0
TCP Bobby:3628 66-151-150-190.expertcity.com:https TIME_WAIT 0
TCP Bobby:3629 66-151-150-190.expertcity.com:https TIME_WAIT 0
TCP Bobby:3630 66-151-150-190.expertcity.com:https TIME_WAIT 0
TCP Bobby:3631 66-151-115-190.expertcity.com:https TIME_WAIT 0
TCP Bobby:3632 66-151-115-190.expertcity.com:https TIME_WAIT 0
TCP Bobby:3633 66-151-115-190.expertcity.com:https TIME_WAIT 0
UDP Bobby:ms-sql-m *:* 1336
[sqlbrowser.exe]
UDP Bobby:4632 *:* 1792
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]
UDP Bobby:4500 *:* 800
[lsass.exe]
UDP Bobby:isakmp *:* 800
[lsass.exe]
UDP Bobby:1026 *:* 1792
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]
UDP Bobby:snmp *:* 1972
[snmp.exe]
UDP Bobby:3001 *:* 1792
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]
UDP Bobby:3005 *:* 1792
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]
UDP Bobby:5494 *:* 2148
[MCDeplSvr.exe]
UDP Bobby:3168 *:* 2924
[mstsc.exe]
UDP Bobby:3456 *:* 1324
[inetinfo.exe]
UDP Bobby:4622 *:* 1792
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]
UDP Bobby:1850 *:* 1792
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]
UDP Bobby:1025 *:* 1792
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]
UDP Bobby:microsoft-ds *:* 4
[System]
UDP Bobby:1027 *:* 800
[lsass.exe]
UDP Bobby:3205 *:* 1676
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\System32\adsldpc.dll
c:\windows\system32\appmgmts.dll
[svchost.exe]
UDP Bobby:1681 *:* 2332
[IEXPLORE.EXE]
UDP Bobby:1754 *:* 8052
[OUTLOOK.EXE]
UDP Bobby:ntp *:* 1676
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP Bobby:1900 *:* 2044
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP Bobby:1076 *:* 744
[winlogon.exe]
UDP Bobby:2973 *:* 8052
[OUTLOOK.EXE]
UDP Bobby:1900 *:* 2044
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP Bobby:netbios-dgm *:* 4
[System]
UDP Bobby:netbios-ns *:* 4
[System]
UDP Bobby:netbios-ns *:* 4
[System]
UDP Bobby:1900 *:* 2044
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP Bobby:ntp *:* 1676
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP Bobby:ntp *:* 1676
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP Bobby:netbios-dgm *:* 4
[System]
UDP Bobby:ntp *:* 1676
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP Bobby:netbios-ns *:* 4
[System]
UDP Bobby:1900 *:* 2044
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP Bobby:netbios-dgm *:* 4
[System]
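One way to triage a netstat listing like the one posted above, as an added example that is not part of the original thread: it pairs each socket line with the bracketed executable name that follows it and reports listening TCP and bound UDP ports whose owner is not on an allowlist or has unresolved components. The allowlist EXPECTED and the function names are assumptions, and SAMPLE is a short excerpt of the posted listing.

```python
import re
from collections import defaultdict

# Excerpt of the listing posted above (spacing repaired, most entries omitted).
SAMPLE = """\
Proto Local Address Foreign Address State PID
TCP Bobby:ftp Bobby.phreesia.net:0 LISTENING 1324
[inetinfo.exe]
TCP Bobby:epmap Bobby.phreesia.net:0 LISTENING 1028
C:\\WINDOWS\\system32\\RPCRT4.dll
[svchost.exe]
TCP Bobby:1984 Bobby.phreesia.net:0 LISTENING 1128
[bbntd.exe]
TCP Bobby:3389 Bobby.phreesia.net:0 LISTENING 980
-- unknown component(s) --
[svchost.exe]
TCP Bobby:3617 localhost:1984 TIME_WAIT 0
UDP Bobby:5494 *:* 2148
[MCDeplSvr.exe]
"""

# Assumption: the executables this administrator expects to hold open sockets.
EXPECTED = {"svchost.exe", "system", "lsass.exe"}
SOCKET = re.compile(r"^(TCP|UDP)\s+\S+:(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)$")
OWNER = re.compile(r"^\[(.+?)\s*\]$")


def parse(text):
    """Return one dict per socket line, with its owning executable attached."""
    entries, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        sock, owner = SOCKET.match(line), OWNER.match(line)
        if sock:
            proto, port, remote, state, pid = sock.groups()
            current = {"proto": proto, "port": port, "remote": remote, "pid": int(pid),
                       "state": state or "", "owner": None, "unknown_component": False}
            entries.append(current)
        elif current is not None and line.startswith("-- unknown component"):
            current["unknown_component"] = True
        elif current is not None and owner:
            current["owner"] = owner.group(1)
            current = None  # the bracketed name closes this socket's block
    return entries


def ports_to_review(entries, expected=EXPECTED):
    """Map executable -> open ports whose owner is unexpected or unresolved."""
    review = defaultdict(list)
    for e in entries:
        is_open = e["state"] == "LISTENING" or e["proto"] == "UDP"
        owner = e["owner"] or "<no owner reported>"
        if is_open and (owner.lower() not in expected or e["unknown_component"]):
            review[owner].append(f"{e['proto']}/{e['port']}")
    return dict(review)
```

Calling ports_to_review(parse(text)) on a saved copy of the full listing gives a per-executable list of ports to look up and either justify or shut down.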
ASKER
Yes,
I have network monitoring software installed. The webserver should be listening to SMTP only. I think!!
What do you mean by dynamic DNS tool?
Bobby
ASKER
Thank you r-k,
I don't know what bbntd.exe and MCDeplSvr.exe are. How can I find out what they are? Also, I don't have IIS installed on my machine; however, I've installed the AdminPack to access AD. Does it have anything to do with that?
ASKER
j,
I've uninstalled Quest software and I don't see anything else related in Add/Remove Programs!!
Also, yes, you are correct: I see IIS is installed from the Control Panel. I'll take care of that.
Just out of curiosity, is there a way to block a port using the command line? For example:
TCP Bobby:https Bobby.phreesia.net:0 LISTENING 1324
[inetinfo.exe]
ASKER
J.
Thanks, I understand. Does that mean if I, for example, block port 443 on the Windows firewall and do a netstat -ab, it will not show? Correct?
ASKER
All workstations are on a 2003 domain and not too many policies are in place. Only password, user logon and folder redirection. I do not recognize 'swfactory'. It's a very small organization. Last week we had a power outage in the server room and as a result all servers restarted. I thought it might have something to do with that. Does the DC save a log of what might have happened somewhere?