Issue to defender of Win 2016 server

Peter_1985 2,586 Reputation points
2021-03-01T06:27:05.72+00:00

Hi,
How to ensure Win defender is working fine below?
![72740-a22.png][1]
Win 2016 server is having extremely big transport below. How to stop it?
![72871-a25.png][2]

[1]: /api/attachments/72740-a22.png?platform=QnA
[2]: /api/attachments/72871-a25.png?platform=QnA


Accepted answer
  1. Candy Luo 12,686 Reputation points Microsoft Vendor
    2021-03-02T08:15:03.747+00:00

    If you want to find the cause, you need to trace network traffic and monitor which port the requests are coming from. Tools such as Network Monitor and Process Monitor can be considered. However, analysis of logs is beyond our forum support level, and due to forum security policy, we have no such channel to collect user log information. You may need to analyze by yourself.

    Please refer to the following video and see if it can help you:

    lsass.exe high network traffic from the internet FIX! server 2012 r2

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.


12 additional answers

  1. Candy Luo 12,686 Reputation points Microsoft Vendor
    2021-03-02T03:14:08.483+00:00

    Hi,

    How to ensure Win defender is working fine

    You can check whether the Windows Defender service is running using this PowerShell command:

    Get-Service WinDefend  
    

    73204-image.png

    If the service is started, then the status will show Running.

    For your reference:

    Windows Defender Antivirus on Windows Server 2016

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Win 2016 server is having extremely big transport below. How to stop it?

    Go to Resource Monitor and then check which process is sending large traffic, like the picture below:

    73226-image.png

    It will show you which processes are consuming the most network resources.

    Best Regards,

    Candy



  2. Peter_1985 2,586 Reputation points
    2021-03-02T03:40:50.69+00:00

    Hi,
    How to resolve issue below?
    73207-a29.png


  3. Candy Luo 12,686 Reputation points Microsoft Vendor
    2021-03-02T05:25:28.983+00:00

    So based on my understanding, the server 2016 is a DC and has internet access. Is that right?

    Please check the following steps:

    Go to Windows Firewall > Inbound Rules > Active Directory Domain Controller - LDAP (UDP-in) and change the connection to "Allow the connection if it is secure".

    For your reference:

    How to reduce lsass.exe bandwidth traffic

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

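The checks suggested in the answers above, taken one step further as an added example (not part of the original posts and not Microsoft's code): it reads what Defender itself reports about its protection state, then shows which enabled inbound allow rules cover the LDAP UDP port, the network category in effect, and the process that owns the port. It assumes UDP port 389 for the "LDAP (UDP-In)" rule and changes nothing on the server.

```powershell
# Added example: read-only checks, run from an elevated PowerShell session.

# 1. Defender: service state plus what the engine reports about itself.
$svc = Get-Service -Name WinDefend
$mp  = Get-MpComputerStatus
[pscustomobject]@{
    ServiceStatus      = $svc.Status
    AntivirusEnabled   = $mp.AntivirusEnabled
    RealTimeProtection = $mp.RealTimeProtectionEnabled
    SignatureVersion   = $mp.AntivirusSignatureVersion
    SignatureUpdated   = $mp.AntivirusSignatureLastUpdated
} | Format-List

# 2. Network category of each connected interface; it decides which
#    rule profiles (Domain, Private, Public) are actually in effect.
Get-NetConnectionProfile |
    Format-Table InterfaceAlias, NetworkCategory -AutoSize

# 3. Enabled inbound allow rules that cover UDP 389 (assumed port).
#    Authentication = Required corresponds to "Allow the connection if it
#    is secure"; NotRequired is a plain allow.
#    Port ranges such as 380-400 are not matched by this simple test.
$ldapPort = '389'
$hits = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $port = $rule | Get-NetFirewallPortFilter
    $portMatch = ($port.LocalPort -contains $ldapPort) -or ($port.LocalPort -contains 'Any')
    if ($port.Protocol -eq 'UDP' -and $portMatch) {
        $addr = $rule | Get-NetFirewallAddressFilter
        $sec  = $rule | Get-NetFirewallSecurityFilter
        [pscustomobject]@{
            DisplayName    = $rule.DisplayName
            Profile        = $rule.Profile
            RemoteAddress  = $addr.RemoteAddress -join ','
            Authentication = $sec.Authentication
        }
    }
}
$hits | Format-Table -AutoSize -Wrap

# 4. Which process owns the UDP 389 listener.
Get-NetUDPEndpoint -LocalPort $ldapPort -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ Name = 'Process'; Expression = { (Get-Process -Id $_.OwningProcess).ProcessName } } |
    Format-Table -AutoSize
```

If step 3 lists more than one rule, or a rule with `Authentication` still `NotRequired` for the profile shown in step 2, the change made in the firewall console is not the only rule admitting that traffic.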

  4. Peter_1985 2,586 Reputation points
    2021-03-02T05:54:39.593+00:00

    I've applied the firewall rule and have rebooted the server, but the traffic below is still big.
    73228-a30.png
