Starting a few days ago we had issues with Exchange 2016 not allowing connections from certain computers that were accessing via OWA and Outlook Profiles. The issue occurred on a fully patched Windows 2016 Server (build 1607) with Exchange 2016 patched to CU15 (KB5000871). This Exchange patch was applied after the issue started. A Windows Firewall is in use with exceptions for many things; however, we have not manually configured any Blocked Inbound or Outbound Rules.
After troubleshooting we found that there was a strange Firewall Rule that no one in our team remembers creating. The Firewall Rule is named "Banned brute IPs" and was collecting IPs, both internal and external, to stop accepting connections from.
We obviously disabled the Firewall Rules; however, they were turned back on approx. 8 hours after disabling them. We have scheduled a task to disable this firewall rule every 5 minutes, which may be excessive but is necessary at this time to keep email flowing.
Is anyone aware of a current Windows patch that may create that rule, or any way to track down how the rule was created and why it is auto-enabling?
There are a few pieces of information to include in this as they MAY be important.
There are 3 domains on this Exchange Server. One IP blocked was the outside IP of a remote facility, and the other 2 domains are in the same building separated by VLANing.
I think I solved it: it was malware. Trend Micro detected it as:
Backdoo.71CF377D
Backdoor.Win64.PROMETEI.YEBDW
I have not found any information about it.
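
On the question of how to track down what created the rule and what keeps re-enabling it, the following PowerShell is an added example, not part of the original posts. It assumes the default Windows Firewall operational log is still enabled and has not rolled over, and it uses that log's rule-change events (IDs 2004 added, 2005 modified, 2006 deleted); the function name `Get-RuleChangeEvent` is made up for this example.

```powershell
# Rule name as reported in the question above.
$RuleName = 'Banned brute IPs'
$LogName  = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'

# 1. Current state of the rule and the remote addresses it blocks.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Id            = $_.Name
        Enabled       = $_.Enabled
        Direction     = $_.Direction
        Action        = $_.Action
        RemoteAddress = $addr.RemoteAddress -join ', '
    }
}

# 2. Audit trail: which account and which executable added or changed the rule.
function Get-RuleChangeEvent {
    param([string]$Rule, [int]$Days = 14)
    $filter = @{ LogName = $LogName; Id = 2004, 2005, 2006; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $evt  = $_
        $data = @{}
        # Flatten the <EventData> name/value pairs into a hashtable.
        ([xml]$evt.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
        if ($data['RuleName'] -ne $Rule) { return }

        # ModifyingUser is logged as a SID; resolve it to an account name when possible.
        $user = $data['ModifyingUser']
        try {
            $sid  = [Security.Principal.SecurityIdentifier]$user
            $user = $sid.Translate([Security.Principal.NTAccount]).Value
        } catch { }

        [pscustomobject]@{
            TimeCreated          = $evt.TimeCreated
            EventId              = $evt.Id
            ModifyingUser        = $user
            ModifyingApplication = $data['ModifyingApplication']
            Active               = $data['Active']
            RemoteAddresses      = $data['RemoteAddresses']
        }
    }
}

Get-RuleChangeEvent -Rule $RuleName | Sort-Object TimeCreated | Format-List
```

A `ModifyingApplication` that is not a normal administrative tool, appearing on a regular interval, is the process to hand to your antivirus or incident response team; compare its timestamps against the roughly 8-hour re-enable cycle described in the question.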