virus logo Application Control

Directory.Replication.Service.Remote.Protocol.DSGetNCChanges

description-logo Description

This indicates detection of a DRSUAPI DSGetNCChanges request.
Directory Replication Service Remote Protocol (DRSUAPI) is used by domain controllers to replicate Active Directory objects between controllers. A DSGetNCChanges request starts the replication process.
Please note: if a DSGetNCChanges request comes from a source that's not a domain controller, then this is most likely a DCSync attack.
DCSync is a technique to steal credentials through DSGetNCChanges requests for domain replication.

affected-products-logoAffected Products

Windows domain networks

Impact logoImpact

Unexpected network communication

Technology

Network-Protocol

Behavior

  • Other

Version Updates

Date Version Status Detail
2023-08-31 25.631
New
ID 53580
Released Aug 30, 2023
Updated Aug 30, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Popularity black-background-star-icon black-background-star-icon black-background-star-icon black-background-star-icon black-background-star-icon
Category Network.Service
SSL Deep Inspection No
Language N/A
Deprecated No