Did you mean the double negative there Marcos? I find it confusing, so rephrasing with out the double negative are you saying: "It's highly likely to be a true positive." or am I confused? That sounds like I'm disabling some of the protection ESET offers. Seems like a bad idea if true positives can happen within the trusted zone. Assuming the desktop computer (which runs ESET full disk scans daily) is not infected, the "port scanning" it is doing on the laptop is likely to be running Microsofts Link-local Multicast Name Resolution (LLMNR) while the link is under load. Either that or we have to blame ShadowProtects remote file writing protocol. I'm hesitant to do that as I'm sure I have seen it when loading the link with other traffic, just not as consistently. I suppose it is still possible though.