techpaulb
Posted November 2, 2023

Hello

I have a Firewalla Gold that causes ESET Internet Security (16.2.15.0) to issue warnings of a TCP Port Scanning attack (Win32/Botnet.generic).

I don't think there is malware on the Firewalla Gold device and I believe it is Firewalla's Internal Port Scan that "does scan's to the network to detect services and also devices that are not on your DHCP table."

I have tried to follow [KB2939] Exclude an IP address from IDS in ESET Windows home products (15.x – 16.x) but I don't have the zones this KB article talks about; my layout of ESET is different to what is pictured in the KB article.

Is there a way to confirm that it is a legitimate functioning of Firewalla and not any malware?

Thanks
Paul

Marcos (Administrators)
Posted November 2, 2023

The device most likely performs port scanning which is detected by ESET's Network protection. To verify my assumption, carry on as follows:

- Enable advanced logging under Help and support -> Technical support
- Reproduce the port scan detection
- Stop logging
- Collect logs with ESET Log Collector and upload the generated archive here.

itman
Posted November 3, 2023 (edited)

23 hours ago, techpaulb said:

> I have tried to follow [KB2939] Exclude an IP address from IDS in ESET Windows home products (15.x – 16.x) but I don't have the zones this KB article talks about; my layout of ESET is different to what is pictured in the KB article.

Looks like this KB needs to be updated to reflect ver. 16 changes.

Refer to the below screen shot. Enter Firewalla Gold gateway local subnet IP address as the remote IP address and that should work.

Edited November 3, 2023 by itman