



We just started to get these alerts. We are getting a new one every 2 days or so on different workstations. How can we determine what app is causing these alerts? If they are false positives, stop the alerts?

Need to figure out understanding this alert and to act upon. I know that this is to identify of alerts from this. I see lots any AD enumerations from a threat actor perspective.
I need some help here on whether they are TPs. 

I installed ATA in my environment yesterday and the server alerted me to my AADSync server. I allowed the activity, but I'm wondering if it is best practice to install the (Lightweight) Gateway on the AADSync server? AADSync server is running Windows 2008 R2 without any roles installed. Microsoft Azure AD Connect is the only service running on this server.

This thread should be deleted.
 


I would essentially like to know if the services.Exe virus was successfully and completely removed/fixed, if Anti-Malware scan and serxices.Exe no longer appeared (yay!?). I read some posts on here something called IRP hook), and Firefox no longer redirects me to random websites. AVG stopped giving me warnings (though it's still comes up with 27 rootkits, ran ComboFix (I'll post the log, and it is still installed). Hi there. After running ComboFix, I did a Malwarebytes and decided to fix it myself. I first ran FRST (I'll post the log), and I then After this, I also then ran HijackThis. I had trojan "services.Exe" (dropper.Genreic_c.MMI). However it did come up I should worry about the AVG results (listed below), and how to remove the svchost.Exe virus. AVG was telling me with svchost.Exe, which it cannot remove.

References:
https://social.technet.microsoft.com/Forums/en-US/afad6299-dbaf-4ccf-a488-413124d05df4/the-following-directory-services-enumerations-using-samr-protocol-were-attempted-against?forum=mata
https://social.technet.microsoft.com/Forums/en-US/79226c64-4770-4b45-9a72-ce6a99bddd22/directory-enumeration-using-samr?forum=mata
https://social.technet.microsoft.com/Forums/en-US/e3885677-a01c-4c62-aca8-537d802a191d/malicious-replication-of-directory-services-azure-active-directory-sync?forum=mata
https://forums.techguy.org/threads/system32-services-exe-and-svchost-exe-attempted-fix-myself.1062506/
https://forums.techguy.org/threads/services-exe-dropper-genreic_c-mmi-and-svchost-exe-attempted-to-fix.1062531/
https://forums.techguy.org/threads/services-exe-dropper-genreic_c-mmi-and-svchost-exe-i-attempted-fix.1062507/