Avatar of Stuart Oram
Stuart Oram
Flag for United Kingdom of Great Britain and Northern Ireland

asked on 

Identify (log) DNS queries on client machine by process

I have seen entries in my DNS logs suggesting that I have a small but significant number of hits to some questionable domains on a daily basis from one particular client machine. This was seen on a previous Windows Vista machine which has now been retired and been replaced by a Windows 10 build which is now exhibiting the same symptoms. I'd like to get to the bottom of this by identifying/logging from the client machine which process(es) is making said DNS queries.
Given the nature of DNS transactions, it's unlikely I'm going to pick much up with built-in Resource Monitor and the likes.
Can anyone make any suggestions?
Windows 10DNS

Avatar of undefined
Last Comment

8/22/2022 - Mon