These transmissions are all "Outbound" according to the log.
Do you need a larger size log screenshot so you can read this thing?
Let's see...
OK, I'm already doing that but at the "cost" of an imperial annoyance...
- creating a rule to allow it
This is too global, that is, if a bad guy gets through and starts using that port and protocol, I'm wide open to attack. Rules need to be created under an admin account, right?
Been there, done that, doesn't work. See above. Or is there a deeper disabling setting I'm not aware of?
- disabling alerts. Not ideal since you would then have to monitor the Security log pretty regularly.
Again, probably too global and way too much inconvenience.
Idea: Take one PC and make it a "Manager". Let it "manage" the others. Some work for not much gain.
Am I on target with this "analysis"? Maybe I just should ignore it. I do wonder why all of a sudden this comes to be? Any ideas?
Thanks,
Hoibo