Hi Guys,
One of our users utilizes high network resources even when not using the network. Could you assist me in determining the cause? I checked their computer but found no network activity.
It would be interesting to scan this machine to validate that there is no malicious file.
Thank you for your reply, @alemabrahao. I did scan the device, but nothing was found. Is there any possibility I can track/trace deep inspection on the firewall?
Do you have the IPS enabled?
https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection
Yes
Were you able to find any suspicious activity in the logs?
Do you mean the Change Logs menu?
Nope, Security & SD-WAN > Monitor > Security Center
No MX events. Nothing there.
Try to perform a packet capture using the client's IP or MAC as the source.
Do you have Meraki switches and are you able to run a packet capture on the port the device is connected to?
I don't have Meraki Switches.
Assuming you have an MX, if you go into the client and click "Show Details" under the pie chart - what does it show them accessing?
Looks like plain old Windows file sharing. Or are you talking about Internet traffic as opposed to internal traffic?
That is our on-premises file server, and the user is connected to the same network, but on a different VLAN.
From the above output, the clear majority of network traffic from that client is SMB file sharing.
If that's an unexpected usage amount, you'll have to get a clearer idea of what they're pulling down from the file server and why.
To prevent it, you could look at applying group policies and setting bandwidth limits via a traffic shaping policy.