Jump to content
An upgrade will take place on June 18, 2024 during the midday hours (UTC). The Forum will not be accessible for a short period of time. ×

Question about ESET and honeypot alerts


Go to solution Solved by itman,

Recommended Posts

Am pulling (what's left of) my hair out with this. I am running ESET Smart Securiy Premium on all my home devices (with no problems). My home network uses a Ubiquiti UDM router. I've configured the UDM with honeypots on all of its VLANs. -- Everything runs fine EXCEPT I keep receiving honeypot alerts from the UDM (approximately EVERY hour) stating MY PC triggered it. I've run dozens of scans (ESET, Malwarebytes, others) on my PC and consistently come up clean.

So, I'm thinking that MAYBE (hopefully?) there's some background ESET process that's automatically running (hourly) and scanning my network. Is there?

Any and all help appreciated.

Link to comment
Share on other sites

  • Administrators

Couldn't it be that you clicked Scan your network in the Network Inspector pane? Otherwise NI should just passively listen on the network.

image.png

Link to comment
Share on other sites

Marcos -

Thanks for your quick response. As mentioned, these honeypot access alerts are being sent hourly - something is accessing them on an ongoing basis, and the only identifier on the router is that it's my laptop. I am not / did not do a network scan via NI.

Is there any sort of ESET "deeper" scan that I can do to check my laptop (I've already done Smart Scan, In-Depth Scan, and Computer Scan). I'm concerned that there may be something lurking.

One other thing I'll try is to wait for the next alert and then check my Windows logs to see if something coincides.

Link to comment
Share on other sites

Marcos-

Well, I'm confused...  As you suggested, I disabled NI - waited > 1 hour - NO HONEYPOT access alert. Yahoo!

So, re-enabled NI - waited > 1 hour - still no honeypot access alert. Strange; Expected them to start again.

Just to satisfy my own curiosity, I rebooted my laptop and, unfortunately the alert was sent again.

So, I'm still suspecting that I either have (A) a deeply hidden piece of malware OR (B) it truly is a problem with NI, is there any type of scan from ESET that I can perform to rule out option A (a deeper scan than what ESET Smart Security Premium provides?

Link to comment
Share on other sites

20 minutes ago, gary_seven said:

Just to satisfy my own curiosity, I rebooted my laptop and, unfortunately the alert was sent again.

Network Inspector performs network validation activities at system startup time, resume from sleep mode, etc..

Again disable NI and keep it disabled. Reboot the PC. Do the alerts now appear?

Edited by itman
Link to comment
Share on other sites

  • Solution
13 hours ago, gary_seven said:

itman -

almost an hour and no alerts with NI disabled. Next steps?

I have Network Inspector permanently disabled since it interferes with my ISP issued router's 6rd tunnel processing. Looks like you will have to do the same.

You don't need Network Inspector. It's primary purpose is scan your network for any rogue devices that might exist.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...