Looking for insight troubleshooting a sudden new condition on our 6.5 SP8 eDir ver 8.7.x.x network with numerous, unexplained Intruder Lockouts. Aside from the possibility of malicious behavior which we're looking into, trying to troubleshoot possibility of non-malicious mis-behavior. The symptom began quite coincidentally to the most recent Microsoft Patch Tuesday updates (10 Feb 2015) which have been pushed out. No other substantial changes to the network have been made. We run GroupWise and ZCM.

We are a hybrid network of which the majority of workstations are also joined to an AD domain as well as the bulk of those users. We also employ a combination of WSUS and F-Secure patch management.

Looking for any insight/tools/tricks to help narrow down the cause. Greatly appreciate any help.