I am having some trouble setting up a dynamic application class for this alert.
The process 'System' (as user NT AUTHORITY\SYSTEM) attempted to accept a connection as a server on TCP port 445 from <IP ADDRESS>. The operation was denied. Details Rule 223 Wizard
I have tried creating a dynamic application class with a builder rule set to add anything on TCP port 445 to the application class.
Then i have created another Network Access Control allow rule saying allow the AC when acting as a client or Server on port 445 and also the built in SMB network services.
Any help would be greatly appreciated.
Thanks in advance.