Noticed today on one of the servers, that Event viewer/Security has lots of "Failure audit"
messages like this:
The message repeats every second and the port number is increased by one the range of ports being from 1025 to 5000 and then over again. To me, such "port scanning" looks quite suspicious!
I've tried running TCPView to find out more details, but it only shows process, its ID and port. Is this by design for spoolsv.exe to act so? Or is this some sort of malware? Has anybody seen this before?
File server & Print server roles are installed on the server.