
Question about ESET and honeypot alerts


Solved by itman


Am pulling (what's left of) my hair out with this. I am running ESET Smart Security Premium on all my home devices (with no problems). My home network uses a Ubiquiti UDM router. I've configured the UDM with honeypots on all of its VLANs. -- Everything runs fine EXCEPT I keep receiving honeypot alerts from the UDM (approximately EVERY hour) stating MY PC triggered it. I've run dozens of scans (ESET, Malwarebytes, others) on my PC and consistently come up clean.

So, I'm thinking that MAYBE (hopefully?) there's some background ESET process that's automatically running (hourly) and scanning my network. Is there?

Any and all help appreciated.


  • Administrators

Couldn't it be that you clicked Scan your network in the Network Inspector pane? Otherwise NI should just passively listen on the network.


Marcos -

Thanks for your quick response. As mentioned, these honeypot access alerts are being sent hourly - something is accessing them on an ongoing basis, and the only identifier on the router is that it's my laptop. I am not / did not do a network scan via NI.

Is there any sort of ESET "deeper" scan that I can do to check my laptop (I've already done Smart Scan, In-Depth Scan, and Computer Scan). I'm concerned that there may be something lurking.

One other thing I'll try is to wait for the next alert and then check my Windows logs to see if something coincides.


Marcos-

Well, I'm confused...  As you suggested, I disabled NI - waited > 1 hour - NO HONEYPOT access alert. Yahoo!

So, re-enabled NI - waited > 1 hour - still no honeypot access alert. Strange; expected them to start again.

Just to satisfy my own curiosity, I rebooted my laptop and, unfortunately, the alert was sent again.

So, I'm still suspecting that I either have (A) a deeply hidden piece of malware OR (B) it truly is a problem with NI. Is there any type of scan from ESET that I can perform to rule out option A (a deeper scan than what ESET Smart Security Premium provides)?


20 minutes ago, gary_seven said:

Just to satisfy my own curiosity, I rebooted my laptop and, unfortunately, the alert was sent again.

Network Inspector performs network validation activities at system startup time, resume from sleep mode, etc.

Again disable NI and keep it disabled. Reboot the PC. Do the alerts now appear?

Edited by itman

  • Solution
13 hours ago, gary_seven said:

itman -

almost an hour and no alerts with NI disabled. Next steps?

I have Network Inspector permanently disabled since it interferes with my ISP issued router's 6rd tunnel processing. Looks like you will have to do the same.

You don't need Network Inspector. Its primary purpose is to scan your network for any rogue devices that might exist.


This topic is now closed to further replies.