0
On computer A there is a program that makes a network connection to computer B and accesses the network shares. This occurs 20+ times in less than two seconds.
The event that is fired on computer B is Event ID: 4648. This event is generated when a process attempts to log on an account by explicitly specifying that account's credentials.
I think it has something to do with Adobe Creative Cloud but am unsure. How can I determine which program on computer A is making these requests to computer B?
wbeard52
Posted 2016-08-04T19:07:37.907
Reputation: 3 149
Configure Computer A, and launch each application installed on it, one by one until the behavior starts to exhibit itself on Computer B – Ramhound – 2016-08-04T19:09:38.303
Try running
netstat -bo 1from Command Prompt and note down the process name and PID that's connecting to a particular IP. Or try WireShark. – w32sh – 2016-08-04T19:26:55.370@w32sh I tried
netstat -bo 1and when the connection was made I did not get anything to show from netstat. I searched for by the computer name and IP address. – wbeard52 – 2016-08-05T16:58:30.367You could try
netstat -abo 1(from elevated CMD) or try something advanced like WireShark. – w32sh – 2016-08-05T17:07:21.697