1 Reply Latest reply on Jun 21, 2016 8:46 AM by kjstech

    Does sw patch management scan the entire network on port 135?


      Got a Dell secure works incident today opened by our SW Patch management server.  Firewall seeing a bunch of DROP's to port 135, non existent IP's in our IP range.


      Noticed a netstat -a on sw patch mgmt server there was a lot of open connections for sure.  In resmon.exe > Network tab > TCP connections, I see a lot of SWJobEngineWorker2.exe on various IP's but not that port 135.  I see a lot of svchost.exe (RPCSS) to various IP's port 135.


      I just want to verify this is normal and the server isn't compromised.