Nightowl

Most Valued Members
  • Posts: 1,863
  • Joined
  • Days Won: 17

Everything posted by Nightowl

  1. But it looks like this workstation has its VNC ports open to WAN.
  2. It's usually available for older versions, some kind of version 9 and 10 era, but recently you cannot find anything, and most of the time those places/software where you could find keys, or some blog in Chinese, almost don't exist. But if you are talking about exploits in recent versions then that is a different story.
  3. There is an ability, if I am not mistaken, to lock out the other settings, where they can only be forced by the policy and cannot be changed by the user at all, so you can disable all and leave the firewall for him with his custom password.
  4. Make another policy for the specific 2 machines that this user uses, make another password for him only and give him the password if you are allowed to. I was going to tell you to not password them and mark settings to be forced by policy only, but that's not safe practice.
  5. It's better described here: https://support.eset.com/en/kb2843-create-a-firewall-rule-to-allowdisallow-use-of-a-certain-application-in-my-windows-eset-home-product Just put a BLOCK instead of Allow, and for the exe path put C:\Program Files (x86)\Google\Update\GoogleUpdate.exe and then manually check for update in Chrome; it should fail. Disabling the services can also help you stop the update, but if it gets enabled, it will update automatically, but you can disable them and they can only be started manually.
  6. All VNC stuff is a nightmare; it's more recommended to be used on LAN only if there is a possibility, or limit its access from WAN to specific IP addresses, or by making the connection available only through your own VPN. For now, it's better to firewall your VNC ports to only specific IP addresses that should connect, and you'd better update it because they are trying to exploit it.
  7. To me both of them are good products and worth trying, but since I've been using ESET for ages and I got used to it and because it's light, I can't move to another product. But Kaspersky is worth a try; I want to give it a try someday also.
  8. So it all goes back to the same root, Behavior Control / Application Control.
  9. You just need to follow the trouble till you reach it, like you need to test things. You disconnected your drives and yet your PC still hung up? Then you might need to look elsewhere: PSU power, memory cards (RAM), etc., whatever. But I doubt it's a virus, because it sounds more like a hardware failure.
  10. So what if we change the executable name from wscript.exe to w.exe, will it be denied the same by HIPS? Or will it bypass the block?
  11. You should upgrade your clients to the latest version, which is 7.3, and your endpoints would need a restart after that upgrade because there are a lot of changes under the hood from 7.2 to 7.3. After that you don't need to do anything; all you need is to upgrade the endpoints.
  12. I am afraid I don't represent ESET, as I do not work for them nor have they employed me in some way; I just spend my time here. You are asking for services that AV companies don't do, and their AV software for phones isn't built for the kind of protection you are asking for. You want something to protect your phone from physical kinds of hacking and GSM eavesdropping, both of which ESET cannot help you with, and your government won't stop trying to eavesdrop on you if they want to. You would need a CyberTech (Security) company more than an AV company, one that will do penetration testing on your networks and phones and see your exploits, including the GSM one if they have an exploit for it.
  13. The updatem is a disabled service for me; I wonder if it has any use or maybe was made for older operating systems. Never mind, it leads to the same exe path. The Google Update path is here: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe You would just need to block this from having outgoing connections and also incoming to block it, if possible; then you would deny the ability for Chrome to update, but as I have said before, this is not recommended as you will miss out on a lot of updates.
  14. But yet these people have been bluffed; they were given a false download. It's normally done through download websites or dodgy websites, or some popular torrent websites; bots would just upload torrents with fake seeder counts so they could reach a good ranking and infect a lot of people. As I've said, games and software cracks were never requesting/reporting data to some kind of server unless it's fake or injected with a virus and re-uploaded to the internet. Usually people who crack software/games don't put crazy things in; the SCENE (it's called like this) never does that, and they never want their releases out to the public, so it's never from crackers. P2P solutions are a different story and can be modified and changed to whatever and re-released. And fake torrents/downloads are another story because there are bots/people who work all the time to do that: to infect, to deny you from finding the right download, etc. It's due to the user's inability to distinguish between what is good and what is wrong.
  15. Yes mate, it's available in every device that works as a Wi-Fi access point; it will give you the ability to password it with the available ways (WPA, 2, 3) and encryption types (depends on the model of every router). Usually a firmware like OpenWrt brings lots and lots of things to your router even if it's an old junk box. For example, WPA2 can be cracked through some exploit; if your router isn't patched and protected against that exploit then someone can exploit it and do malicious things to your network. WPA3 at the same time is still not supported by all devices everywhere, as it's still 'new' somehow.
  16. For both, but if you normally use hacktools, it will drive you crazy with detection triggers (if you enable UNSAFE Applications). Enabling PUA is also helpful as it could help you get rid of possible junk from your PC.
  17. Including an image in the post will cause an error of INVALID_URL. Removing the image from the post but keeping it in Attachments can get you through to post; otherwise you will keep getting INVALID_URL. It ceased for now.
  18. For my personal use, I run all at Aggressive; if I have trouble somewhere, I will just make some adjustments and continue on.
  19. ESET has added the detection earlier for the shortcut link, same as the other file which was in the Roaming folder; it wasn't detected because it was missing the .ext, but as far as I understood it should be detected by now even without the .JS.
  20. It's completely normal. It's available here: https://support.eset.com/en/kb3204-configure-eset-products-to-detect-or-ignore-unwanted-unsafe-and-suspicious-applications For example, a software called CheatEngine, which is used to make trainers/modify memory while in-game: enabling the option of UNSAFE apps will trigger CheatEngine as a HACKTOOL, while it's completely normal and non-malicious software, but the detection has its name for the software, it is a HACKTOOL.