Microsoft-ds (445) 1

[logicacmg000]

Service: microsoft-ds (445)

I am getting a lot of traffic on my log server being generated from a singlePC on our network using the service microsoft-df.

I have googled around a found various things on it, just wanted to double check here if this is okay or a virus infected machine. Thanks.

 

[watchguardmonkey]

best check symantec or mcafee for any virous alerts on port 445, but normally AD uses port 445 to connect the server/client in an AD domain, 445 is simple message block and is used along side some of the netbios ports to map nodes on the network.

if you are not running an AD domain simply turn it off on the pc.

 

[NetworkGhost]

Like WatchguardMonkey said 445 is definitly a known port for viruses. Are you getting a broadcast on this port from the single PC? Are there outbound connections for this? Possibly a DDOS or DOS type attack.