We operate a star shaped network with a central hub branching out to many non-interconnected sites. At a few of these sites there have been non user-generated attempts to access the NIC of a networked UPS. The UPS provides us an alert which identifies the IP that the reqest came from. We have isolated the workstations that these requests are coming from. We have updated the SEP client to lastest available from our SEPM server 12.1.7 and performed full scans. We've also tried scanning with other free scanning tools like Malwarebytes. So far we have been unable to identify any software trying to connect to network devices from these machines.
Are their any other scanning or live detection features within this SEP client version that could help us idenfy and remove this threat?