Windows 10: Does anyone know what can cause extremely high active and passive opens for TCP Statistics...

Discussion in 'Windows 10 Ask Insider' started by /u/dumbtechnoob, Apr 13, 2021.

  1. Does anyone know what can cause extremely high active and passive opens for TCP Statistics...


    I'm currently on my laptop that I'm worried might be compromised due to statistics I found running the netstat -s command. This is specifically for TCP Statistics for IPv4.

    Active Opens: 86317
    Passive Opens: 261432
    Current Connections: 49

    I understand that active opens and passive opens have something to do with sockets, which I'm starting to understand a bit more, but I could use some help here. I have been told in the past, but don't really understand why, that these statistics can be used to discover evidence of malicious activity. I have been told that anything higher than 10,000 active opens is cause for concern and anything higher than your active opens is also cause for more concern.

    For context, I have also been running nmap scans from my desktop to this laptop that I have been pulling statistics from. I am running different types of scans as an experiment while also using Wireshark to monitor these scans. I am wondering if anybody can help me out here in fully understanding what these statistics mean and if I should be worried.

    I would appreciate any help and even being pointed in the right direction. I am currently running a full scan on Malwarebytes, but unsure if this is sufficient and may try another antivirus software as well. I know that Windows Defender and Malwarebytes are a good pair and so far no malicious activity detected by either software on either computer.

    I appreciate any and all responses. Thank you.

    submitted by /u/dumbtechnoob
     
    /u/dumbtechnoob, Apr 13, 2021
    #1
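An added example, not part of the original post: the Active Opens and Passive Opens counters in `netstat -s` are cumulative since boot, so this sketch parses two snapshots and reports the rate of new opens between them instead of judging the raw totals. The sample text is constructed in the Windows `netstat -s -p tcp` layout (only the three IPv4 values quoted in the post are real), and the 10-minute interval and function names are assumptions.

```python
import re

# Constructed sample in the Windows `netstat -s -p tcp` layout. Only the IPv4
# Active Opens, Passive Opens and Current Connections values come from the post.
SNAP_1 = """
TCP Statistics for IPv4

  Active Opens                        = 86317
  Passive Opens                       = 261432
  Failed Connection Attempts          = 1200
  Current Connections                 = 49

TCP Statistics for IPv6

  Active Opens                        = 310
  Passive Opens                       = 12
  Current Connections                 = 2
"""
# Constructed second snapshot, assumed to be taken 10 minutes later.
SNAP_2 = SNAP_1.replace("= 86317", "= 86347").replace("= 261432", "= 263432")

def parse_tcp_stats(text):
    """Return {"IPv4": {"Active Opens": 86317, ...}, "IPv6": {...}}."""
    stats, section = {}, None
    for line in text.splitlines():
        head = re.match(r"\s*TCP Statistics for (IPv[46])", line)
        if head:
            section = stats.setdefault(head.group(1), {})
            continue
        row = re.match(r"\s*(.+?)\s*=\s*(\d+)\s*$", line)
        if row and section is not None:
            section[row.group(1)] = int(row.group(2))
    return stats

def opens_per_minute(before, after, minutes, family="IPv4"):
    """Rate of new connections between two snapshots taken `minutes` apart."""
    rates = {}
    for key in ("Active Opens", "Passive Opens"):
        delta = after[family][key] - before[family][key]
        if delta < 0:  # counter went backwards: the machine rebooted in between
            delta = after[family][key]
        rates[key] = delta / minutes
    return rates

if __name__ == "__main__":
    a, b = parse_tcp_stats(SNAP_1), parse_tcp_stats(SNAP_2)
    print(opens_per_minute(a, b, minutes=10))
```

Inbound connection attempts to listening ports, including those from a scan like the nmap runs described in the post, count toward Passive Opens, so snapshots taken with and without a scan running show how much of the total the scans account for.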
  2. Kem Mon Win User

    Windows 10 - Extremely slow WIFI

    Hi Joanne,

    There are a lot of possible causes for this issue to occur. And since
    resetting your TCP/IP did not work, we suggest that you reconfigure your TCP/IP
    and check if there are any changes.
    To do this, follow these steps:

    • Run Command Prompt as Administrator.

    • Run the following commands:

      • netsh int tcp set heuristics disabled

      • netsh int tcp set global autotuninglevel=disabled

      • netsh int tcp set global rss=enabled

    Let us know how it goes.

    Regards.
     
    Kem Mon, Apr 13, 2021
    #2
  3. WHEN WILL MICROSOFT HAVE UPDATE FOR WINDOWS 10 SOLITAIRE COLLECTION TO RESET STATISTICS?

    Hello Brette,

    Thank you for responding back and sorry for the inconvenience caused.

    We suggest you follow the steps provided below and check if it helps.

    • Click on this link Results in Xbox - Microsoft Community
    • Click on the box under “Find a Topic or Ask a Question” and type your question (e.g., reset statistics).
    • Place the cursor on the suggestion listed and select the appropriate search result.

    Kindly keep us posted on the status of the issue. If it still persists, we would be glad to help you further.
     
    Ravindra Kamath, Apr 13, 2021
    #3
  4. bumgarb42 Win User

    Extremely High RAM utilization, high Paged Pool

    The issue started in mid-February when I received multiple warnings and critical alerts from my RMM software for several PCs I administer - the RMM's settings for RAM alerts are a warning at 85% and critical at 90%.
    All of these systems have been deployed for over 2 years and I've never had any of them give high memory alerts before. Now, of the 12 PCs in the office, 10 PCs are going to critical alert with the RAM use slowly creeping up over a 4+ day period. The users are complaining of the PCs becoming slow, lagging, or unresponsive. A reboot tends to make the PC usable again until the RAM gets critical again.


    Image 1 is RMM metrics from a user's PC showing RAM (purple line) before the issues started, and after February 12th, the RAM creeping to +90% after the issues started
    Image 2 is a current image of the RMM metrics for the last month





    To make the issue more obvious, here is an image from our conference room Intel NUC, that is idle most of the time. I know that the spikes on the right side are while the PC was mostly idle and I was rebooting the PC to get the RAM to drop:



    To help you understand some of the things I have tried, here are samples of the alerts I got from my RMM software:




    As I mentioned above, I have 10 PCs, some are idle, having this issue. I have 2 actively used PCs that are NOT having the issue. In trying to troubleshoot, I have basically compared the idle systems with the issue to the 2 active user PCs that are not having the issue.
    Here are images from Process Explorer, Task Manager and RAMMAP from an idle system that is having the issue:



    Initially seeing epsecurityservice at the top of Process Explorer and in the RMM alert, I thought BitDefender Endpoint Security (GravityZone) was the issue. I applied a “disable” policy to BitDefender on an idle system and the issue did seem to stop after a reboot.

    HOWEVER, seeing svchost in the list, I also tried a Clean Boot, but disabled everything EXCEPT BitDefender and my RMM software so I could continue to connect to the system.

    Again, the issue seemed to stop with a Clean Boot and BitDefender still enabled.

    So I compared Process Explorer metrics for a system with the issue and one that doesn’t have the issue and found that epsecurityservice.exe had roughly the same RAM use between the two systems… and the numbers were not increasing steadily over time.
    This made me think BitDefender isn’t the issue but perhaps something it uses in the OS.

    So I then looked at RAMMAP and Task Manager, and that is when I saw the extremely high Paged Pool on the idle system and a relatively small Paged Pool on the system in use. So I checked all the systems with the issue and they all have extremely high paged pools, even on systems that have been rebooted and left idle for days.

    Here are screenshots for one of my systems that is not having the RAM issue:



    And just for a comparison reference, here is what my RMM metrics for RAM look like on one of my PCs that doesn't have the issue:




    Here is a quick rundown of these systems' configurations, which is making it hard to determine if it is a driver issue since 4 different configurations are having the issue:




    I'm not sure whether the huge Paged Pool is okay, but it doesn't seem normal when compared to how my RAM utilization is for the 2 systems that are not having any issues.

    If anyone has suggestions on what else I should try to resolve this, I’d greatly appreciate it.

    If you want more information, please give me step-by-step simply to save time – I don’t want to waste any time assuming I know what you want and giving you the wrong info.

    Thanks in advance for the help!!
     
    bumgarb42, Apr 13, 2021
    #4