![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
44 questions
I'm not so sure it was S1 in my environment. We have over 100 servers running S1 and I've only seen this issue on 2 of em. Funny enough they are a Prod and Dev box running the same things. I'm leaning more towards some piece of software (at least in my case) since it happened to both, and around the same time. It COULD be S1 blocking stuff based on the software being ran on the computers though. I wish I had some way to verify, but when RPC goes down it takes event logging with it. RIP
I did raise this issue with my SOC when it first started happening as I though it may be DNS being blocked as well. They checked and didn't see S1 doing anything funny on either box.