AI Protection Alerts Coming From LAN Client

AiProtect started to block scams

Not necessarily scams. A friend of mine had his legitimate online store flagged by TrendMicro. It took him a week to clear it out. It could be a competition report, payment options available flagged by an AI scanner, or some similarities to another scam site determined by an AI scanner. There are false positives.
 
So, there is something on that machine that attempts router exploits. After not getting AI Protection blocks since October of 2021, they started again in Jan & Feb 2022 even though Internet access was disabled for the client IP at the router. This pisses me off, so I would like to solicit the opinions of the experts here about the following.

I have a log file of attempted exploits, with date and timestamp. Is there a way to try to marry up exploit attempts with activity on the client? To see who was using the phone at that time, so to speak. If I could see what was going on in the narrowed time frame, I might find the culprit. What tool(s) would help to reveal that? (Event Viewer, Process Explorer/Monitor, some Windows log, other admin tools, etc.)

If you were to attempt it, how would you go about it? Or is it a stupid approach?

FWIW, I've run everything from rkill -> Avast -> MS Malicious Software Removal, etc. several times. I've clearly not caught it and I'm going to hunt it down.
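
One way to do the timestamp correlation asked about above, as an added example that is not part of the original thread: for each router alert time, pull the Sysmon network-connection events (event ID 3) logged on the Windows client within a short window and rank the processes that keep showing up. It assumes Sysmon was installed with network-connection logging before the alerts occurred and that the router and PC clocks agree; the alert times, the 60-second window and the function name `Get-ConnectionsNearAlert` are constructed for illustration.

```powershell
# Constructed sample alert times; replace with the timestamps from the router's log.
# Assumption: router and PC clocks agree (same time zone, both time-synced).
$alertTimes = '2022-02-03 14:22:10', '2022-02-03 19:05:47' |
    ForEach-Object { [datetime]$_ }
$window  = [timespan]::FromSeconds(60)   # assumed tolerance: +/- 60 s around each alert
$logName = 'Microsoft-Windows-Sysmon/Operational'   # Sysmon must already be installed

function Get-ConnectionsNearAlert {
    param([datetime]$AlertTime, [timespan]$Window, [string]$LogName)

    $filter = @{
        LogName   = $LogName
        Id        = 3                      # Sysmon: network connection detected
        StartTime = $AlertTime - $Window
        EndTime   = $AlertTime + $Window
    }
    # Get-WinEvent raises an error when nothing matches, so suppress that case.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Read named fields from the event XML instead of relying on property order.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            AlertTime   = $AlertTime
            EventTime   = $_.TimeCreated
            Image       = $data['Image']      # full path of the connecting process
            User        = $data['User']
            ProcessId   = $data['ProcessId']
            Destination = '{0}:{1}' -f $data['DestinationIp'], $data['DestinationPort']
        }
    }
}

$hits = foreach ($t in $alertTimes) {
    Get-ConnectionsNearAlert -AlertTime $t -Window $window -LogName $logName
}

# Full detail, one row per connection seen near an alert.
$hits | Sort-Object AlertTime, EventTime | Format-Table -AutoSize

# A process that appears next to many distinct alerts is the one to investigate.
$hits | Group-Object Image | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'Alerts'; e = { ($_.Group.AlertTime | Sort-Object -Unique).Count } }
```

Run it from an elevated PowerShell prompt on the client. Processes that appear near only one alert are usually background noise; the ones whose `Alerts` count tracks the number of router alerts are worth a closer look.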
 
