02-05-2020 11:58 PM
Recently I accessed an SMB share on a corporate Synology device (through the PA firewall). This share is hardly ever used. Now, days later, after several reboots of the client computer, the firewall keeps on detecting the "vulnerability" SMB: User Password Brute Force Attempt (40004).
This is something I cannot explain. There are no active connections to this share from the client computer. There is nothing in the credential manager of Windows. There is nothing in the frequently accessed locations... Any idea why the Palo Alto would think this vulnerability is triggered, and how can I find the "culprit" program which tries to access this file share?
Remko