SBS2008 Huge daily downloads

Since replacing a motherboard and re-loading SBS2008 I have just discovered that my daily downloads have increased from 400Mb's per day to 3Gb's and I can't find out how to find out what is causing this.
All I know is that it is the server.
I have tested the server for spyware and viruses = none.
I suspect Windows updates-could the server be trying to download an update that isnt getting installed? I am going to turn off Windows updates - reluctantly.
Thanks - John
JSlatemAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
IanThConnect With a Mentor Commented:
there have been so many windows updates recently from m$ due to the fact that rdp has been compromised and servers all over the place started to get hacked from chinese ip addresses

if you want to minimise your down loads use wsus
wsus can then do the windows update role for your domain
0
 
JSlatemAuthor Commented:
I have just spent a week resolving exactly the issue (rdp/chinese ip) you have just described!!!

I have just turned RDP off on the router (and will do this for all of my clients)

What puzzles me is that, with 200Mb per hour being downloaded (this is an average as the ISP tells me that the majority is happening between 7pm and 7am) I would have liked to use a prog to view my bandwidth and then see cause and effect but I can't find one?

I have also turned off Window Updates in Services (I only have 6 users on the network and only 2 of those connected to the domain) so WSUS isnt an advantage.

Thanks for your input but I am not sure that we have traked this one down yet.

Regards John
0
 
IanThCommented:
do you actually need rdp on the server as if you do

m$ has got a patch
see
http://technet.microsoft.com/en-us/security/bulletin/ms12-020
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
JSlatemAuthor Commented:
The issue seems to be that ever since installing the new board and re-installing SBS (Sun 4th Mar), something in the setup is downloading all the time and I need to find out what it is and stop it.
I know that it isn't anything to do with Exchange because the SMTP feed wasn't turned on until two days after.
This download (5Gb per day) started the moment that the server was restarted. Uploads are unaffected.
I turned of WSUS and Windows Update services - no change.
Does anybody know of a programme that will tell me what is being downloaded or the port that is being used?
At the moment the server is off but clearly this is not sustainable.
The only obvious route at the moment would be to re-load SBS!
Thanks John
0
 
IanThCommented:
no I suspect your problem could be the rdp compromise which means you get loads of chinese ip addresses coming through rdp

have you got ms12-020 installed
I think you need KB2621440

http://technet.microsoft.com/en-us/security/bulletin/ms12-020

replaceing he motherboard and it started are more than likely a coincidence
this problem started the 13 march
0
 
JSlatemAuthor Commented:
Hi Ian

Thanks for your help.

KB2621440 was installed on the 14th March but I am not sure what you mean by MS12-020. Could you please explain?

Regards John
0
 
IanThCommented:
ms12-020 is kb2621440

does event veiwer on the server give you any explanation as to the downloads I know m$ is doing a hell of a lot
0
 
JSlatemAuthor Commented:
Hi Ian

There no clues in EM or rather I cant seem to see anything obvious.

Slightly puzzled with the lack of ideas out there (I've also posted the request for help on the MS Technet forum with no response so far).

Today (Monday) I turned of Windows Update Services for two hours - no change then Exchange at 10am so we'll see if there is any change in the next 2 hours.

Beginning to think that the only solution is to reload SBS.

Regards John
0
 
IanThCommented:
if you dont get anything in event viewer dont you think thats puzzling

I think what your downloads are if not updates and not shown in event viewer are pointing to malicious activety
0
 
JSlatemAuthor Commented:
Dear Ian

I have now established that the cause of the problem is Exchange! Having turned it off the downloads stop. Resolving this is now the problem :-(

I have spoken with the ISP and there are on 50k's worth of mail waiting to download so it's not something large but what is it?

Any thoughts?

Regards John
0
 
JSlatemAuthor Commented:
Hi all

The solution or rather the culprit was Forefront Security (part of Exchange). I didn't see it as an option when I loaded SBS and don't need it as my mail is filtered by Webroot before sending to Exchange.

Having un-installed, my download levels have returned to their previous levels (if not slightly lower!).
0
 
JSlatemAuthor Commented:
I appreciated Ian's input however my last answer was the solution.
0
 
IanThCommented:
so it was just email then ?
0
 
JSlatemAuthor Commented:
It seems that Forefront Security was downloading new spam definitions so it wasnt the email per see but something wrong with the spam engine.

I have some more info on the Windows MAP Forum which I will send to you later.

Regards John
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.