[KB7487] Resolve an "Incoming.Attack.Generic" or "Botnet.CnC.Generic" network protection alert

Issue

Solution

These alerts occur when a user has open ports on a hardware firewall and a malicious IP address is trying to engage in hacking attempts or other malicious behavior.

Detected report

When alerts have been detected and blocked ESET endpoint will report the Action as Detected in the ESET PROTECT Server.

Check a global blacklist to verify if the Public IP address is blacklisted. 

When a user is affected by multiple alerts from different source IP addresses, it can also mean the attacker is running a vulnerability scan on their public IP address.

EsetIpBlacklist alert

The source IP address is the public IP address and the target is the machine with the open port.

We recommend that users do not have any open ports to the internet.

Figure 1-1

Botnet.Cnc.Generic alert

ESET detects the source IP address and notifies the user which ports are open on the hardware firewall.

We recommend that users do not have any open ports unless it is necessary and that all malicious public IP addresses that ESET detects on their hardware firewall are blocked.

Figure 2-1
This article applies to
Product
OS
Issue
Related articles
Why does my protection status change color and what does each color mean? (Windows)
Open or close (allow or deny) a specific port on the ESET firewall in ESET home and small office products for Windows
Last Updated: Dec 8, 2023

Additional resources

User Guides

ESET Forum

YouTube videos

Support News Customer Advisories ESET Status Portal Contact ESET Technical Support

Existing customer?

Chat with ESET AI Advisor for support