Has anyone ever come across the sansv.exe process? We found it on our SQL Server (Win 2K3 – fully patched) today after it crippled our internal network with packet traffic. Killing the process seemed to directly relate to a huge drop in server communications (back to normal), but I can’t seem to find any information on what it is or where it came from.
It seemed to be generating a lot of traffic over a variety of ports >2500 all destined for a series of seemingly random IP addresses (all outside our network) on Port 129.
Has anyone ever seen this? Is this an exploit? Bug? New Feature? Compromise?