Hello,
Hoping someone out there will be able to help provide additional information to help track down if these reports are malicious or false positives. Recently we've been getting this notification (TCP Port Scan attack Win32/Botnet.generic).
TCP port scan detected; Blocked; 192.168.0.45:62067; 192.168.0.112:23; TCP; Win32/Botnet.generic
A TCP port scan was detected and blocked. The source IP addresses and ports scanned were 192.168.0.45:62067 and 192.168.0.112:23. The malware detected was Win32/Botnet.generic.
Duplicate IP addresses detected in network; Blocked; 192.168.1.1 [b0:95:75:12:03:5d]; 192.168.1.1 [b0:95:75:12:16:13]; ARP
How to track and remove a threat.
For any information that may be able to help us identify this would be greatly appreciated!