Showing results for 
Show  only  | Search instead for 
Did you mean: 
Engaged Sweeper

Lansweeper scanner is unusable.  It generated over 50GB of logs in couple hours.  I've to stop the service. otherwise, the hard drive is filled up in an hour and wipe out all other security logs.



Engaged Sweeper III

Thanks to @jgauthier1986 who posted in the other thread that version is out. Changelog hasn't been updated as of yet, but the update fixed the LSASS/Kerberos DOS issue in our environment.

Lansweeper Tech Support
Lansweeper Tech Support

This issue should be addressed in the next version, which will be released very soon.

In some circumstances, the Active Directory cleanup procedures never finished and caused an excessive amount of ldap queries. We're sorry for the inconvenience this has caused.

In the meantime, if you would like to continue using version, we recommend the following:

  • disable all on-premises AD cleanup options from the "Server options" page
  • disable the on-premise AD refresh options from the "Scanning targets" page
  • restart the Lansweeper service to activate these changes



Engaged Sweeper III

Yep. Seeing the same thing. I was seeing 130-150 Kerberos Authentication Tickets per second with the Lansweeper Server service running

I opened a ticket with support. I'd recommend doing the same.

Link to the thread I started about the issue:

Engaged Sweeper III

I see the same problem and the "Local Security Authority Process" is running with higher CPU

Engaged Sweeper

We are also seeing an overwhelming amount of security logs (kerberos service/authentication tickets) being created since upgrading to v11.1.1.3.

2 - 4 million logs (eventID:4768/4769) have been created every day for the past week! I had to stop the service as well.  I hope someone at LS realizes this is a huge issue.