
Firewalla blocked as TCP Port Scanning attack (Win32/Botnet.generic)



Hello

I have a Firewalla Gold that causes ESET Internet Security (16.2.15.0) to issue warnings of a TCP Port Scanning attack (Win32/Botnet.generic).

I don't think there is malware on the Firewalla Gold device, and I believe it is Firewalla's Internal Port Scan that "does scans to the network to detect services and also devices that are not on your DHCP table."

I have tried to follow [KB2939] Exclude an IP address from IDS in ESET Windows home products (15.x – 16.x), but I don't have the zones this KB article talks about; my layout of ESET is different from what is pictured in the KB article.

Is there a way to confirm that it is a legitimate functioning of Firewalla and not any malware?

Thanks

Paul

 


  • Administrators

The device most likely performs port scanning which is detected by ESET's Network protection. To verify my assumption, carry on as follows:

  1. Enable advanced logging under Help and support -> Technical support
  2. Reproduce the port scan detection
  3. Stop logging
  4. Collect logs with ESET Log Collector and upload the generated archive here.

23 hours ago, techpaulb said:

I have tried to follow [KB2939] Exclude an IP address from IDS in ESET Windows home products (15.x – 16.x), but I don't have the zones this KB article talks about; my layout of ESET is different from what is pictured in the KB article.

Looks like this KB needs to be updated to reflect ver. 16 changes.

Refer to the screenshot below. Enter the Firewalla Gold gateway local subnet IP address as the remote IP address and that should work.

[Screenshot: Eset_IDS.png]

Edited by itman
