We are seeing odd traffic out of a Windows 2008 servers. There are many unknown http and https transactions. Plus there are quite a few UDP calls out to various internet hosts. We are viewing this through a firewall traffic log, not a packet sniffer. There are no users logging in, not a real person generating the traffic.
The server runs a single application. We've checked with that application support and they don't use https, http or any of the other UDP traffic. We've reviewed the firewall logs with them. Their suspicion is that this is a virus, possibly related to amazonaws, a known piece of malware.
We've run several different pieces of anti-malware, no one finds anything.
Where we are at now is that we're trying to figure out what application or services are calling up these http and https transactions.
A cyber security company recommended TechNet link to technetbb897437
We tried it but we aren't any closer to sorting this out.
Is there some other sort of Microsoft tool that could help us with that?
Any help?
thanks!