gary_seven 2 Posted October 25, 2023 Posted October 25, 2023 Am pulling (what's left of) my hair out with this. I am running ESET Smart Securiy Premium on all my home devices (with no problems). My home network uses a Ubiquiti UDM router. I've configured the UDM with honeypots on all of its VLANs. -- Everything runs fine EXCEPT I keep receiving honeypot alerts from the UDM (approximately EVERY hour) stating MY PC triggered it. I've run dozens of scans (ESET, Malwarebytes, others) on my PC and consistently come up clean. So, I'm thinking that MAYBE (hopefully?) there's some background ESET process that's automatically running (hourly) and scanning my network. Is there? Any and all help appreciated.
Administrators Marcos 5,468 Posted October 25, 2023 Administrators Posted October 25, 2023 Couldn't it be that you clicked Scan your network in the Network Inspector pane? Otherwise NI should just passively listen on the network.
gary_seven 2 Posted October 25, 2023 Author Posted October 25, 2023 Marcos - Thanks for your quick response. As mentioned, these honeypot access alerts are being sent hourly - something is accessing them on an ongoing basis, and the only identifier on the router is that it's my laptop. I am not / did not do a network scan via NI. Is there any sort of ESET "deeper" scan that I can do to check my laptop (I've already done Smart Scan, In-Depth Scan, and Computer Scan). I'm concerned that there may be something lurking. One other thing I'll try is to wait for the next alert and then check my Windows logs to see if something coincides.
Administrators Marcos 5,468 Posted October 25, 2023 Administrators Posted October 25, 2023 Does disabling Network inspector actually make a difference?
gary_seven 2 Posted October 25, 2023 Author Posted October 25, 2023 (Duh) Great suggestion! I'll disable it now and see.
gary_seven 2 Posted October 25, 2023 Author Posted October 25, 2023 Marcos- Well, I'm confused... As you suggested, I disabled NI - waited > 1 hour - NO HONEYPOT access alert. Yahoo! So, re-enabled NI - waited > 1 hour - still no honeypot access alert. Strange; Expected them to start again. Just to satisfy my own curiosity, I rebooted my laptop and, unfortunately the alert was sent again. So, I'm still suspecting that I either have (A) a deeply hidden piece of malware OR (B) it truly is a problem with NI, is there any type of scan from ESET that I can perform to rule out option A (a deeper scan than what ESET Smart Security Premium provides?
itman 1,808 Posted October 25, 2023 Posted October 25, 2023 (edited) 20 minutes ago, gary_seven said: Just to satisfy my own curiosity, I rebooted my laptop and, unfortunately the alert was sent again. Network Inspector performs network validation activities at system startup time, resume from sleep mode, etc.. Again disable NI and keep it disabled. Reboot the PC. Do the alerts now appear? Edited October 25, 2023 by itman
gary_seven 2 Posted October 25, 2023 Author Posted October 25, 2023 Disabled NI, rebooted and waiting to see if any alerts (5 mins after reboot and no alerts so far).
gary_seven 2 Posted October 26, 2023 Author Posted October 26, 2023 itman - almost an hour and no alerts with NI disabled. Next steps?
Solution itman 1,808 Posted October 26, 2023 Solution Posted October 26, 2023 13 hours ago, gary_seven said: itman - almost an hour and no alerts with NI disabled. Next steps? I have Network Inspector permanently disabled since it interferes with my ISP issued router's 6rd tunnel processing. Looks like you will have to do the same. You don't need Network Inspector. It's primary purpose is scan your network for any rogue devices that might exist.
gary_seven 2 Posted October 27, 2023 Author Posted October 27, 2023 itman - Thanks for your simple and logical solution. Since deactivating NI, haven't received any alerts. I, too, will leave this disabled.
Recommended Posts