Jump to content

Recommended Posts

Posted

Am pulling (what's left of) my hair out with this. I am running ESET Smart Securiy Premium on all my home devices (with no problems). My home network uses a Ubiquiti UDM router. I've configured the UDM with honeypots on all of its VLANs. -- Everything runs fine EXCEPT I keep receiving honeypot alerts from the UDM (approximately EVERY hour) stating MY PC triggered it. I've run dozens of scans (ESET, Malwarebytes, others) on my PC and consistently come up clean.

So, I'm thinking that MAYBE (hopefully?) there's some background ESET process that's automatically running (hourly) and scanning my network. Is there?

Any and all help appreciated.

  • Administrators
Posted

Couldn't it be that you clicked Scan your network in the Network Inspector pane? Otherwise NI should just passively listen on the network.

image.png

Posted

Marcos -

Thanks for your quick response. As mentioned, these honeypot access alerts are being sent hourly - something is accessing them on an ongoing basis, and the only identifier on the router is that it's my laptop. I am not / did not do a network scan via NI.

Is there any sort of ESET "deeper" scan that I can do to check my laptop (I've already done Smart Scan, In-Depth Scan, and Computer Scan). I'm concerned that there may be something lurking.

One other thing I'll try is to wait for the next alert and then check my Windows logs to see if something coincides.

  • Administrators
Posted

Does disabling Network inspector actually make a difference?

image.png

Posted

Marcos-

Well, I'm confused...  As you suggested, I disabled NI - waited > 1 hour - NO HONEYPOT access alert. Yahoo!

So, re-enabled NI - waited > 1 hour - still no honeypot access alert. Strange; Expected them to start again.

Just to satisfy my own curiosity, I rebooted my laptop and, unfortunately the alert was sent again.

So, I'm still suspecting that I either have (A) a deeply hidden piece of malware OR (B) it truly is a problem with NI, is there any type of scan from ESET that I can perform to rule out option A (a deeper scan than what ESET Smart Security Premium provides?

Posted (edited)
20 minutes ago, gary_seven said:

Just to satisfy my own curiosity, I rebooted my laptop and, unfortunately the alert was sent again.

Network Inspector performs network validation activities at system startup time, resume from sleep mode, etc..

Again disable NI and keep it disabled. Reboot the PC. Do the alerts now appear?

Edited by itman
Posted

Disabled NI, rebooted and waiting to see if any alerts (5 mins after reboot and no alerts so far).

 

Screenshot 2023-10-25 161512.jpg

Posted

itman -

almost an hour and no alerts with NI disabled. Next steps?

  • Solution
Posted
13 hours ago, gary_seven said:

itman -

almost an hour and no alerts with NI disabled. Next steps?

I have Network Inspector permanently disabled since it interferes with my ISP issued router's 6rd tunnel processing. Looks like you will have to do the same.

You don't need Network Inspector. It's primary purpose is scan your network for any rogue devices that might exist.

Posted

itman -

Thanks for your simple and logical solution. Since deactivating NI, haven't received any alerts. I, too, will leave this disabled.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...