Homeshield Security (XE75 Pro) feels unsafe
I recently (May 31st) upgraded a Deco M9 Plus mesh to Deco XE75 Pro. Reluctantly, because I anticipated having to pay for security features that were previously free, but I wanted an upgraded network in the house and saw benefit in the ability to use the M9s as additional access points to reach the far corners of the house with better wifi (that is also not without problems it turns out, but may be related to device rather than the Decos). I also wanted more LAN ports to be able to ditch a small switch I had to use previously.
My concern is as follows: After activating one of the XE75 Pros as main Deco and upgrading Homecare to HomeShield as expected, and signing up for the paid security package ("Advanced"?), I did not feel safe at all.
I run a NAS with some ports open for external communication, and in the Homecare version of the Deco app I could frequently see various attacks being blocked. On average every 1-4 hours the log showed an attack attempt in the form of "WEB Remote Command Execution via Shell Script -1.h", "WEB PHPUnit CVE-2017-9841 Arbitrary Code Execution Vulnerability" etc. I believe I run my NAS fairly tight and generally don't have any problems except the occasional brute force login attempts from a specific IP-range which I then block manually, but it's nice to see Homecare picking out some of the most obvious attacks right away.
On the contrary, with HomeShield over the course of 7 days I got a total of 3 notifications of threats, 2 of them being listed as being portscanning attempts from my own devices internally on my local network. Nothing about blocked vulnerabilities etc.
Now it's possible these blocks of external attacks were still taking place with HomeShield, but I don't know, they were not even showing up in the reports. I just know that as soon as I switched back to running one of the M9 Plus as main Deco with Homecare, the warnings kept popping up again, so it's not like the attacks had magically stopped. It's also worth noting that the worst brute force attack I have seen so far happened in this week, with HomeShield not detecting anything. I had to manually discover it on my NAS, determine the IP range it originated from, and block it on the NAS because Deco does not allow blocking external IPs, only internal devices.