Nightowl

Most Valued Members
  • Posts

    1,851
  • Joined

  • Days Won

    17

Everything posted by Nightowl

  1. Thank you Marcos, ITMAN. It isn't my business account, I just worked to clean the PC because I was asked to, and ESET was there for my luck. I will inform if I was asked about LiveGuard.
  2. I didn't notice that, I sent it manually. The product on the PC is ESET Endpoint Security. I think Endpoint Security doesn't have LiveGuard yet, it's only available on Smart Security. And the file came through Skype to the affected machine.
  3. Yeah, I noticed that now when I got into the anyrun link.
  4. Yes, it's targeting financial areas, it will come as a financial file for you. It isn't me, I worked to clean the person's PC. The shortcut isn't detected, so it's made new also. The shortcut is what got uploaded to VirusTotal, but VirusTotal takes to truecrypt.exe, but I believe the 1.5 shortcut is something hidden, it will just become something else. You can see it here also: https://any.run/report/b1afbce51ad052f936b989214964d56e2290a7fb5548763273c1fc4382cd5c1c/f26fd95b-3cc1-4578-abf1-17289380ebe5
  5. https://www.virustotal.com/gui/file/b1afbce51ad052f936b989214964d56e2290a7fb5548763273c1fc4382cd5c1c This is not being detected by ESET, but ESET is picking it up through Advanced Memory Scanner after being run, because it came through Skype as a 1.5mb shortcut pif. I kept a copy of it inside a passworded archive. I sent the shortcut also for analysis through right click and submit for analysis. a variant of Win32/Spy.Agent.QGW trojan C7552D69B8A7257A489BCDC31BAD099F5C2D67EA; a variant of Win32/Rescoms.B trojan D00E62B42CEE99EFF56C604CF7190E2F68B3F86E. Those are files that the dropper drops, but ESET memory scanner and startup scanner pick .dlls from Appdata\local\temp\threat.dll
  6. https://support-valorant.riotgames.com/hc/en-us/articles/4406555340179-How-to-Enable-Exploit-Protection-and-Prevent-Error-Code-VAN9002
  7. Firewalling the RDP port to specific IP addresses, password protecting ESET, account auto lock for failures for RDP, it will limit the attack space for RDP attacks.
  8. If someone can log into RDP and disable ESET, then ESET is not capable of defending anything. Still, it is not recommended to be using Windows 7 at all, since if ESET missed the threat, since that can happen with any AV available on the market, then there is no way of defense against that malware. Since Microsoft doesn't fix anything with 7 and 8 anymore, you are better off with 10 and 11, or even Linux if you are against using those two systems, but not 7 and 8.
  9. Both sites are official, I bet. See here, you get the blue skin: http://www.videolan.org/index.en_GB.html And here you will get the orange skin: http://www.videolan.org/vlc/#download
  10. I am not sure about it since I don't work for ESET, but I believe ESET Protect will see the computer as idle once the screensaver kicks in. Just from my thoughts, I could be totally wrong. Try to set that policy for one computer and leave that computer and see when it kicked in, and check at the same time the screensaver setting for that computer. And also if you have Domain Controllers, you can use Group Policy to modify when the PC will be idle/locked.
  11. I think the help page of the second screenshot of yours has more accurate information. https://help.eset.com/essl/91/en-US/?system_requirements.html
  12. If someone said something earlier than you, we say your life is longer than mine, so it's that way, Marcos. I wanted to actually say the same: are the endpoint users with enough knowledge to decide if it's really a threat or a false positive? It is not recommended to do so because it is on purpose they are not working in the I.T. department, so they shouldn't have this decision.
  13. Try to install ESET Smart Security or ESET Internet Security - Run it as a trial for 30 days, after that you will have to buy a license to continue using it. - Run a deep scan in your system - Update your router to the latest firmware available by the manufacturers - Reset your router admin password, reset your WIFI password. If your router is no longer maintained and updated by the manufacturers, I highly recommend getting one that is supported; your Internet Service Provider can provide you one if you don't want to bother yourself getting one from a shop.
  14. Just a suggestion: since you blocked the Polish language of Facebook, it might just redirect to some other domain or the English language. Try blocking *.facebook.com
  15. Indeed I was wrong, I double-checked and they do stop. I remember seeing them for a while even when I had ESET installed.
  16. You cannot stop Defender from updating, those updates will be received along with Windows Update files, and from the Windows Update Service. I believe it keeps updating because it can be used as a secondary scanner with ESET (not real-time) but as an on-demand scanner. I don't think it harms, let it update, and you can even schedule it to run at a different time or once per certain time to scan and give you a second opinion alongside ESET.
  17. It's weird, I thought it might be a crack that is trying to communicate with a weird website like this one here. Assuming you have scanned your computer and no threat is detected, and assuming that this domain wasn't bought by Microsoft suddenly, I believe there is something wrong that 365 is trying to communicate there. Doing a whois search on Microsoft.com will show you that the domain is registered to Microsoft. Doing a whois on the domain 365e.live shows it's privacy hidden and registered by a different registrar and doesn't belong to Microsoft.
  18. Several companies have it as malicious as per the VT scan: https://www.virustotal.com/gui/url/a8f8b7141634a4b58fd47c3669a6c306c10c384bb0fc175d53d3773a74c5921a?nocache=1 Are you using a crack on your Office program? It could be that. Also, accessing the link will be blocked by uBlock Origin as it contains ads/trackers inside etc. So ESET's block isn't false.
  19. Try to check inside the Quarantine area in ESET, check for the file name and then search your email for that nameof.pdf and then get rid of the email, it should cease.
  20. If you have several Linux devices, it is worth it to get a small business license for them. I believe it would be for around 11 seats, and you would control them normally through the ESET Protect interface instead of the usual way of using the GUI.
  21. If you don't want to use Windows Group Policy, I have a simple way for this to be done, through the firewall: just block the Store exe OUT/IN.
  22. For a MITM attack to happen, you need to be on the same network with the attacker, for example the attacker would be sitting in your WIFI or LAN network. Prevent access to your router from the Internet side, update it to the latest version or ask your Internet Service Provider to do so. Change your WIFI password if you feel someone is there, and I don't think that person would be connected to you through LAN (cables), since he has to go inside your home and to your router physically.
  23. Repeat as here: https://support.eset.com/en/kb7554-unprotected-wifi-notification It's an endpoint product, but should be identical to your product. That should make the notifications cease.