We have an on-premises Bitdefender GravityZone server and Windows 10 desktops / laptops.
The Bitdefender Policy – General Update is set to every 1 hour.
We have a third-party IT application that collects Windows Event Logs (successful and failed logins) from all Microsoft Active Directory DC (Windows 2016) servers. In our daily routine, we (IT Dept) look for high numbers of failed AD logins and blank (dash) logins, and then we investigate these.
The high number of failed blank (dash) logins started to show up in the DC servers' event logs last Monday, Sept 19th, or Tuesday, Sept 20th, when the Bitdefender product on all our desktops and laptops was upgraded to version 7.6.3.212.
Event ID 4625 appears on the DC servers every hour from different desktop / laptop IP addresses, in a pattern of once every hour per desktop or laptop. Again, the Bitdefender Policy – General Update is set to every 1 hour.
Are you seeing Event ID 4625 on your DC servers every 1 hour, or every # hours according to your Bitdefender Policy - General - Update? The 1-hour interval is when the desktops / laptops do a very quick Bitdefender check / update / whatever.
It is not affecting any normal users' day-to-day applications / work.
It is just us in the IT Department seeing a higher number of failed logins based on Event ID 4625 in the DC servers' event logs.
Thank you.
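One way to test the pattern described in the post above, as an added example that is not part of the original post: group blank-account 4625 failures by source IP and flag the IPs whose failures recur at the policy's update interval. The record field names (`event_id`, `time`, `target_user`, `ip`) and the sample events are assumptions for illustration, not the export format of any particular log collector.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

BLANK_ACCOUNTS = {"", "-"}  # how an empty account name appears in the records

def periodic_blank_failures(events, period_s=3600, tolerance_s=300, min_events=4):
    """Return {source_ip: median_gap_seconds} for IPs whose blank-account
    4625 failures recur at roughly `period_s` intervals."""
    by_ip = defaultdict(list)
    for ev in events:  # field names below are hypothetical (assumed export format)
        if ev["event_id"] != 4625:
            continue
        if ev["target_user"].strip() not in BLANK_ACCOUNTS:
            continue
        by_ip[ev["ip"]].append(datetime.fromisoformat(ev["time"]))
    flagged = {}
    for ip, times in by_ip.items():
        if len(times) < min_events:
            continue  # too few samples to call it a schedule
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mid = median(gaps)
        # Require the typical gap and most individual gaps to match the period,
        # so one burst of failures does not look like a schedule.
        near = sum(abs(g - period_s) <= tolerance_s for g in gaps)
        if abs(mid - period_s) <= tolerance_s and near >= 0.8 * len(gaps):
            flagged[ip] = mid
    return flagged

def sample_events():
    """Constructed sample records (documentation IP range), not real log data."""
    base = datetime(2000, 1, 3, 8, 0, 0)
    rows = []
    for h, jitter in enumerate([0, 12, -8, 20, 5, -15]):  # hourly, small jitter
        rows.append((base + timedelta(hours=h, seconds=jitter), "-", "192.0.2.10"))
    for minutes in [0, 2, 7, 180, 185]:                   # irregular failures
        rows.append((base + timedelta(minutes=minutes), "-", "192.0.2.20"))
    for h in range(5):                                    # hourly, named account
        rows.append((base + timedelta(hours=h), "jsmith", "192.0.2.30"))
    return [{"event_id": 4625, "time": t.isoformat(), "target_user": u, "ip": ip}
            for t, u, ip in rows]

if __name__ == "__main__":
    for ip, gap in periodic_blank_failures(sample_events()).items():
        print(f"{ip}: blank-account 4625 about every {gap:.0f}s")
```

Hosts that produce blank-account failures but are not flagged at the configured interval do not fit the update-schedule explanation and are the ones left to investigate separately.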