See the photo above. We have a ton of 445 - SMB traffic going to 192.168.100.x, 192.168.101.x, and 192.168.5.x addresses even though those networks do not exist. The firewall is blocking all of the requests, but it is unnecessary traffic on the network. I know ransomware will operate and move subnets via 445, but I also know some Windows services utilize that port, like printer and file sharing, which we do have enabled. I would Wireshark the data, but I don't know what else I will find out about it in doing so, as I know that almost all PCs in our building are doing this and going to these not real IPs. We have Trend Micro across all PCs in the domain and have run various other malware/virus/trojan seeking apps and nothing is ever found.
Any thoughts? I'm hoping it is Windows 10 doing something funky or trying to query around and see who else is allowing SMB traffic. I only really see these 192.168.x.x fails, as any of the successful 445 traffic is actually legit.
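One way to triage the blocked traffic described in the post above, added here as an example and not part of the original post: group the firewall denies by source and count how many distinct nonexistent addresses each PC tries on 445. The log format, the source IPs, the /24 masks and the sweep threshold are all assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Subnets the post says do not exist; the /24 masks are an assumption.
PHANTOM_NETS = [ipaddress.ip_network(n) for n in
                ("192.168.100.0/24", "192.168.101.0/24", "192.168.5.0/24")]

# Assumed heuristic: more distinct targets than this looks like address
# sweeping; fewer looks like a few configured references being retried.
SWEEP_THRESHOLD = 5

# Constructed sample records (time,src,dst,dport,action); not a real firewall format.
SAMPLE_LOG = """\
2024-01-08T09:00:01,10.0.0.21,192.168.100.10,445,deny
2024-01-08T09:00:31,10.0.0.21,192.168.100.10,445,deny
2024-01-08T09:01:01,10.0.0.21,192.168.100.10,445,deny
2024-01-08T09:01:05,10.0.0.21,192.168.5.20,445,deny
2024-01-08T09:02:05,10.0.0.21,192.168.5.20,445,deny
2024-01-08T09:02:10,10.0.0.21,10.0.0.5,445,allow
2024-01-08T09:02:15,10.0.0.21,192.168.1.50,445,deny
garbled line
""" + "\n".join(
    f"2024-01-08T09:05:{i:02d},10.0.0.34,192.168.101.{i},445,deny"
    for i in range(1, 9))

def triage(log_text, nets=PHANTOM_NETS, threshold=SWEEP_THRESHOLD):
    """Summarise denied SMB attempts to nonexistent subnets, per source host."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 5:
            continue  # skip malformed records
        _, src, dst, dport, action = parts
        if dport != "445" or action != "deny":
            continue
        try:
            addr = ipaddress.ip_address(dst)
        except ValueError:
            continue
        if any(addr in net for net in nets):
            hits[src][dst] += 1
    report = {}
    for src, dsts in hits.items():
        report[src] = {
            "pattern": "sweep" if len(dsts) > threshold else "fixed-targets",
            "distinct": len(dsts),
            "attempts": sum(dsts.values()),
            "top": sorted(dsts, key=dsts.get, reverse=True)[:3],
        }
    return report
```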