Hey,
So I found that one of our Server 2008 R2 machines was infected with malware due to the AV being turned off (still investigating that). Got the MS offline virus scanner and it cleaned up the few infected files. Rebooted, scanned again, nothing left.
This machine is now unable to browse to any HTTPS site. It can still serve HTTPS no problem and it can access/serve HTTP sites no problem. It's a Plesk Windows server with IIS.
Here are a couple things that I've tried to do to fix this issue:
- I downloaded TCPING and that confirmed that it cannot ping out on 443 but can on all the other ports I tried.
- Wireshark shows no 443 traffic at all on either NIC while running a TCPING (this machine has two NICs, one for internal and one for external traffic).
- Added a rule to the Windows firewall to allow all 443 out, no change.
- Totally disabled the Windows firewall, no change.
- Disabled/Removed the AV from the system, no change.
- Reset the TCP/IP stack, no change.
- Removed and re-added the NICs (including drivers), no change.
- Took the Kaspersky TDSSKiller, nothing found.
- Got TCPView; it shows that when TCPING or any other program attempts to connect to any HTTPS site, it only gets to SYN_SENT. That just times out, no ACKs or ESTABLISHED.
How can I find what is grabbing all the 443 traffic before it even hits the NIC?
I really appreciate any help in this matter from the [H] community!
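An added diagnostic (my own script, not something from the original post or any reply): a Windows Filtering Platform filter that blocks remote port 443 lives in tcpip.sys, above the NDIS layer Wireshark captures at, so it would produce exactly the SYN_SENT-with-no-packets symptom described above and would survive a firewall disable, AV removal and a TCP/IP reset. The script exports the WFP filter set and flags every filter that matches remote port 443 with an action other than PERMIT; it assumes the wfpdiag/filters/item XML layout that netsh wfp show filters writes on Server 2008 R2.

```powershell
# Added example (not from the original post). Export the WFP filter set and
# list every filter that matches remote port 443 without permitting it.
# Assumes the wfpdiag/filters/item XML layout written by "netsh wfp show filters".

$xmlPath = Join-Path $env:TEMP 'wfp-filters.xml'
netsh wfp show filters "file=$xmlPath" | Out-Null
[xml]$doc = Get-Content -Path $xmlPath

$suspects = @()
foreach ($f in @($doc.wfpdiag.filters.item)) {
    # A filter carries zero or more conditions; look for one on the remote port.
    $port443 = @($f.filterCondition.item) | Where-Object {
        $_ -ne $null -and
        $_.fieldKey -eq 'FWPM_CONDITION_IP_REMOTE_PORT' -and
        $_.conditionValue.type -eq 'FWP_UINT16' -and
        $_.conditionValue.uint16 -eq '443'
    }
    # BLOCK or any CALLOUT_* action (a third-party driver deciding the verdict)
    # on a 443 match is worth a look; PERMIT is the normal firewall case.
    if ($port443 -and $f.action.type -ne 'FWP_ACTION_PERMIT') {
        $suspects += New-Object PSObject -Property @{
            Name     = $f.displayData.name
            Layer    = $f.layerKey          # e.g. FWPM_LAYER_ALE_AUTH_CONNECT_V4
            Action   = $f.action.type
            Provider = $f.providerKey       # GUID of the registering product, if any
            FilterId = $f.filterId          # usable with "netsh wfp show filters" output
        }
    }
}

if ($suspects.Count -eq 0) {
    Write-Output 'No non-PERMIT WFP filter matches remote port 443.'
} else {
    $suspects | Format-Table Name, Layer, Action, Provider, FilterId -AutoSize
}

# Keep a copy of the Winsock catalog too: an LSP layered above the base
# TCP/IP provider can swallow connect() calls with the same symptom.
netsh winsock show catalog | Out-File (Join-Path $env:TEMP 'winsock-catalog.txt')
```

Run it from an elevated PowerShell prompt; a filter with no provider GUID or a provider you cannot match to an installed product is the one to investigate first.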