Detected Port Scanning attack from trusted Zone PC

Discussion in 'ESET Smart Security' started by patch, Dec 17, 2011.

Thread Status:
Not open for further replies.
  1. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    Did you mean the double negative there, Marcos?
    I find it confusing, so rephrasing without the double negative, are you saying: "It's highly likely to be a true positive." or am I confused?
    That sounds like I'm disabling some of the protection ESET offers. Seems like a bad idea if true positives can happen within the trusted zone.

    Assuming the desktop computer (which runs ESET full disk scans daily) is not infected, the "port scanning" it is doing on the laptop is likely to be running Microsoft's Link-local Multicast Name Resolution (LLMNR) while the link is under load.
    Either that or we have to blame ShadowProtect's remote file writing protocol. I'm hesitant to do that as I'm sure I have seen it when loading the link with other traffic, just not as consistently. I suppose it is still possible though.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I meant that the chance the detection of the port scan attack is not real is very low. I apologize for the wording that might have confused you, English is not my mother tongue :)

    Unfortunately, it's not currently possible to disable just a particular IDS detection for a specific IP address. For instance, some network printers scan ports remotely which triggers an attack detection.
    Computers and devices in the Trusted zone are not automatically excluded from IDS (active protection). If you trust the devices in the TZ and receive IDS detections, you can disable IDS in the TZ.
     
  3. benny_chapman

    benny_chapman Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    3
    I have found Spiceworks to cause this error on a corporate network, at least I am pretty sure it is Spiceworks as it is also a DC and also running GoverLAN (the other three DCs on the network don't trigger these alerts). It would be good to be able to configure "ultra-Trusted" IP addresses for corporate networks (e.g. DCs, network management systems etc.) that are exempt from IPS and push these settings out via RA.

    Regards
    Ben
     