cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
noxide
Engaged Sweeper
At 430 pm today Trend Micro reported over 100 connections being made in less than 3 minutes to one of our servers and we found the issue to be lansweeper. What do we need to do to make sure this doesn't happen?

Thanks!
12 REPLIES 12
Hemoco
Lansweeper Alumni
Is OFFICESCAN the name of the lansweeper server?
If you use ip range scanning lansweeper tries to detect computers by connecting to tcp port 139, this might explain the file sharing connections.

Can you try disabling ip range scanning to see if the warning is gone.
dteague
Engaged Sweeper III
Lansweeper wrote:
Is OFFICESCAN the name of the lansweeper server?


I know I am Threadjacking, but OFFICESCAN is the name of the Trend software. I am also running Trend Officescan, and am not seeing this, so it will be interesting to see what the issue is.

I only scan my devices weekly over 4-5 subnets that have about a hundred hosts per subnet, and OFFICESCAN has not had any issues.
noxide
Engaged Sweeper
We got those officescan emails about an outbreak until we shut the lansweeper server down. So it mustve been doing something else.

I used lansweeper at my last company and was trying to "sell" it to my new company but since i am new and this is new they think it may be causing a problem, I'm trying to get to the bottom of it so they will at least try it out.

I think the server may have been a novell server but let me double check when i get into work and I'll let you know.
Hemoco
Lansweeper Alumni
When scanning a windows computer lansweeper only uses WMI to access the remote computer. Shared folder access (SMB) is not used.
noxide
Engaged Sweeper
11/30/2010 16:51:08 OFFICESCAN Shared folder sessions: 100 in the last 3 minutes
11/30/2010 16:47:54 OFFICESCAN Shared folder sessions: 100 in the last 3 minutes
11/30/2010 16:44:49 OFFICESCAN Shared folder sessions: 100 in the last 3 minutes
11/30/2010 16:36:35 OFFICESCAN Shared folder sessions: 100 in the last 3 minutes
11/30/2010 16:33:24 OFFICESCAN Shared folder sessions: 100 in the last 3 minutes
11/30/2010 16:30:24 OFFICESCAN Shared folder sessions: 100 in the last 3 minutes


I'm currently looking for something with more information.
noxide
Engaged Sweeper
where would i find this log?
Hemoco
Lansweeper Alumni
noxide wrote:
where would i find this log?

Can you turn on logging in the trend micro tool?
Hemoco
Lansweeper Alumni
Do you have a log of what kind of connections these are (tcp port, duration,...)
A normal scan takes a lot less connections.
noxide
Engaged Sweeper
its a high availability cluster that hosts a file server