Greetings - I am wondering if anyone else is seeing access attempts via TCP 445 to an external IP when scanning internal and DMZ subnets?
We do not have any LSAgent scanning, nor scanning of anything external. But my infosec team is seeing outbound requests over TCP 445 to an external IP. I have triple-checked our scanning targets (nothing external), and don't know where this is coming from. We initially shut LS down and saw the traffic stop, then we turned it back on and saw the traffic immediately. Then we left the LS service up but disabled all scans and cleared the scanning queue, and the traffic stopped again.
Opened a ticket with support but also wanted to check with the LS community to see if anyone else has had this, and what you may have done about it.
Thanks!