Virus scan alerts & intrusion attempts - Real?

[DTDC]

My Norton anti-virus has implicated BlueIris in intrusion attempts. Are these real?

I'm running Version 4 on Win7, purchased on disc from Amazon.

I just got this alert this morning:
An intrusion attempt by 103.145.12.230 was blocked
IPS Alert Name: Attack: Mikrotik RouterOS Information Disclosure Activity
Attacking Computer: 103.145.12.230 59224
Source address: 103.145.122.230
Traffic Description: TCP, Port 59224
Network traffic from 103.145.122.230 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME\PROGRAM FILES\BLUE IRIS\BLUEIRIS.EXE

Virustotal shows some alerts on my BlueIris.exe file: VirusTotal

Is this a real concern with BI?

Thanks,
Dave

 

[sebastiantombs]

Make sure you've excluded the main Blue Iris directory from your virus scans.

 

[sebastiantombs]

Additional thought, what ports do you have open on your router? I routinely see attacks on the VPN server that's part of my router. Nothing new about that.

 

[DTDC]

The only port I have open is 81.
It's a Linksys router. Set up in single port forwarding.
Application: Blue Iris
External port: 81
Internal port: 81
Protocol: TCP

 

[catcamstar]

Is Upnp disabled in your linksys router? Disable that one immediately.

 

[DTDC]

It was enabled. Disabled now.

 

[catcamstar]

It was enabled. Disabled now.

okay, good, now go to GRC.com and do a full port scan on your WAN IP. If your PC's firewall/antivirus is complaining about incoming packets, your pc is still vulnerable.

Good luck!
CC

 

[DTDC]

Shields Up, correct?

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

So I've got that going for me!


My Linksys router is sitting inside AT&T's DSL router if that matters to any of this.

 

[catcamstar]

Shields Up, correct?

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

So I've got that going for me!


My Linksys router is sitting inside AT&T's DSL router if that matters to any of this.

Indeed Shield'sup is the test.

Always make sure your linksys is running on the latest & greatest security fixes. If you doubt your pc endpoint is infected/compromised, please re-install windows and redeploy your apps on it.

Good luck!
CC

 

[DTDC]

Thanks! I appreciate the help.

As luck would have it, I'm beginning the long, dreadful process of migrating my workstation over to Windows 10. Decided that the least painful method would be to do a fresh OS install on a new HDD and set up a dual-boot option until I migrate everything over. I just loaded BI onto the new HDD, but haven't yet connected any cameras. We'll see how it goes from here as I slowly move along. I should probably upgrade to V5 before I get too far into cluttering up this new OS.