Small private networks are a necessary part of our business. We also run some small networks with Internet connectivity through firewall routers. The smallest of these networks has only a printer and a mix of five CentOS and Windows 7
We use a commercial protection product on the W7 system. This product has worked well guarding against unwanted software on the system for about three and a half years. Scans are scheduled and performed routinely once a week or on demand at various times.
A recent update to this protection product has caused it to start probing the network for other systems. There is sometimes a message following scans indicating that there are other systems on our network that are unprotected. It appears that the two systems it is naming are a CentOS 6
system and the HP printer.
This network probing does not happen with every scan that is run by the protection software and we have not been able to determine what causes that probing to be initiated. We also do not know exactly what is happening over the network during the probing activity. The protection software support folks have been no help in figuring out what is going on.
There seems to be no good reason for the probing message to name only these two systems. The available printer status shows no indication of network traffic associated with this probing activity. The CentOS 6 system also does not indicate any related network activity from the system that is running the protection software. We have tried unsuccessfully to capture the network probing activity using Wireshark.
Any ideas regarding how to track down what is happening here would be greatly appreciated.