Hi @Richard Eduardo Sánchez Castro
With the level of information provided, it's difficult to be able to confirm if this is normal or not. However, here are a few points that might help.
The port 445 is for CIFS\file access, and as this is the DC, it's likely to be DFS\File share access. It's normal for a workstation to talk to the DC, as they will read the sysvol share when applying GPOs. The Computer Management console is able to provide some limited information on the sessions and files that are currently being accessed.
As for the 416GB transferred over three days, it's hard to say if this is normal or not; it depends on the network topology and the workstation workloads. It could be backup traffic, file access, patching or any number of reasons. Without a breakdown of the traffic based on source and target addresses and ports, it's difficult to know what this is. If you want to get more details, check if the firewall provides more details on the traffic type, with source and target information, or use network capture software such as Wireshark to get more info.
Is the volume of network traffic causing any issues? If not, and the server is working OK, I wouldn't be too concerned based on the information provided.
Gary.
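
Added example, not part of the original answer: one way to produce the per-source breakdown of port 445 traffic that the answer asks for, from a firewall flow export. The CSV column names, the addresses and the byte counts are constructed assumptions, not any vendor's real format; 10.0.0.10 stands in for the DC.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a firewall flow export; the column names are assumed,
# not any vendor's real format. 10.0.0.10 stands in for the DC.
SAMPLE_FLOWS = """src,dst,dst_port,bytes
10.0.1.21,10.0.0.10,445,120000000
10.0.1.21,10.0.0.10,445,380000000
10.0.1.22,10.0.0.10,445,4000000
10.0.1.22,10.0.0.10,389,1500000
10.0.1.23,10.0.0.10,445,2500000
10.0.1.21,10.0.0.20,443,90000000
"""

def breakdown(flow_csv, server, port):
    """Sum bytes per source for flows to server:port, largest first."""
    per_src = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["dst"] == server and int(row["dst_port"]) == port:
            per_src[row["src"]] += int(row["bytes"])
    return sorted(per_src.items(), key=lambda kv: kv[1], reverse=True)

def dominant_sources(ranked, share=0.5):
    """Sources that account for at least `share` of the matched traffic."""
    total = sum(nbytes for _, nbytes in ranked)
    if total == 0:
        return []
    return [(src, nbytes / total) for src, nbytes in ranked
            if nbytes / total >= share]

if __name__ == "__main__":
    ranked = breakdown(SAMPLE_FLOWS, "10.0.0.10", 445)
    for src, nbytes in ranked:
        print(f"{src:<12} {nbytes / 1e6:>8.1f} MB")
    for src, frac in dominant_sources(ranked):
        print(f"{src} carries {frac:.0%} of the SMB traffic to the server")
```

A single workstation carrying most of the volume is the one to look at first in the Computer Management sessions view or in a packet capture.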