One of our RealPresence Group 500 units was in the DMZ for some unknown reason for a long time with telnet enabled. As it has been moved behind the firewall, we found that it has abnormal activity on the LAN. It tries to connect to random external IPs on port 5555 over 100 times per second.
Is there any way to kill the malware process without a hard reset?
Welcome to the Polycom Community.
The first thing you should do is factory restore the unit itself and then monitor it.
If someone had access to it for an unknown duration there may still be some backdoor.
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Polycom Global Services
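For the "monitor it" step in the reply, the following is an added example (not part of the original thread and not Polycom tooling) that scans flow logs for the behaviour described in the question: one internal host making over 100 attempts per second to many distinct external IPs on port 5555. The log line format, the thresholds, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: RFC 1918 ranges are "internal"; everything else counts as external.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_external(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return not any(addr in net for net in INTERNAL)

def find_scanners(lines, port=5555, min_rate=100, min_distinct=50):
    """Return {src: peak attempts/sec} for hosts fanning out on `port`.

    Assumed (hypothetical) flow format: "<epoch_sec> <src> <dst> <dport>".
    """
    attempts = defaultdict(lambda: defaultdict(int))  # src -> second -> count
    targets = defaultdict(lambda: defaultdict(set))   # src -> second -> {dst}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, src, dst, dport = parts
        try:
            if int(dport) != port or not is_external(dst):
                continue
            sec = int(float(ts))
        except ValueError:
            continue  # unparsable port, address, or timestamp
        attempts[src][sec] += 1
        targets[src][sec].add(dst)
    flagged = {}
    for src, secs in attempts.items():
        for sec, n in secs.items():
            # High rate AND many distinct targets: scanning, not one busy session.
            if n >= min_rate and len(targets[src][sec]) >= min_distinct:
                flagged[src] = max(flagged.get(src, 0), n)
    return flagged

def sample_log():
    """Constructed sample: one endpoint scanning, one host behaving normally."""
    lines = [f"1700000000.{i:03d} 10.0.5.20 198.51.100.{i + 1} 5555"
             for i in range(120)]                      # 120 distinct targets in 1 s
    lines += [f"1700000000.{i:03d} 10.0.5.31 203.0.113.10 443" for i in range(5)]
    lines += ["garbage line", "x 10.0.5.31 not-an-ip 5555"]
    return lines

if __name__ == "__main__":
    print(find_scanners(sample_log()))
```

Running the same check after the factory restore shows whether the outbound pattern has stopped.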