The host of Evidence and Whitelist shared folders experience traffic on port 445 from endpoints
Last Modified: 2023-05-26 06:08:08 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
The host of Evidence and Whitelist shared folders experience traffic on port 445 from endpoints
Technical Articles ID:
KB90025
Last Modified: 2023-05-26 06:08:08 Etc/GMT Environment
Data Loss Prevention (DLP) Endpoint - all supported versions For supported environments, see KB68147 - Supported platforms for Data Loss Prevention Endpoint. Problem
The host of the Evidence and Whitelist shared folders experiences many connections made on port 445 by DLP Endpoint client systems.
Cause
The Data Protection Rule is triggered on the endpoints. The rule causes the Evidence and Whitelist shared folders' host connections to be established. After the connections are established, the clients upload files to the shared folders. These files are the Evidence files, Whitelist files, or both.
Solution
This behavior is considered normal and by design. For more information, see Network Ports Used by Key Microsoft Server Products.
Affected ProductsLanguages:This article is available in the following languages: |
|