Looking for insight troubleshooting a sudden new condition on our 6.5 SP8 eDir ver 8.7.x.x network with numerous, unexplained Intruder Lockouts. Aside from the possibility of malicious behavior which we're looking into, trying to troubleshoot possibility of non-malicious behavior. The symptom began roughly coincidental(?) to the most recent Microsoft Patch Tuesday updates which have been pushed out. No other substantial changes to the network have been made.

We are a hybrid network of which the majority of workstations are also joined to an AD domain as well as the bulk of those users. We also employ a combination of WSUS and F-Secure patch management.

Looking for any insight/tools/tricks to help narrow down the cause. Greatly appreciate any help.