SeriousHoax

Everything posted by SeriousHoax

  1. Yeah, this is expected behavior on a freshly installed Windows 11. But it bothers me also. So, I used "Defender Control" to turn off Microsoft Defender permanently which stops these updates. But Defender Control won't work with ESET already installed unless Defender's Tamper Protection was turned off prior to installing ESET. I don't know if there is any downside of using this, so do this at your own risk.
  2. What I mean is that if the email is loaded in Thunderbird mainly when ESET's protection is off then scanning Thunderbird's profile folder might be able to pinpoint the exact email. I don't know if ESET can do that but as I shared above, Bitdefender can. I was able to find the exact email like this using Bitdefender in the past. It was an unprotected zip sample present in my sent emails that I sent to another AV lab.
  3. If you can't find any other solution then one thing you can try is temporarily install an email client like Thunderbird which is free. Then log into your account in Thunderbird and see if ESET can pinpoint the email location this time. Maybe even disable ESET's protection temporarily while logging in so that the malicious attachment is loaded in Thunderbird's email files and then scan it using ESET. Though I don't know if ESET's scanner will show you the exact email, not every product can do this I think. This is something Bitdefender can, and it was helpful for me when I had a slightly different but similar situation to yours a few years ago. Remove threats detected in e-mail attachments after a Bitdefender scan
  4. Would you please also look at this thread where I mentioned a keyboard app that doesn't work with ESET unless keyboard protection/secure browser is disabled. Can you work on a fix for this app also?
  5. Yeah, that's my opinion also. It should never have been implemented as a default option. It's not possible for me to recommend ESET to people around me as it stands.
  6. Yeah, exactly. That's my point. It was not an issue when secure browser wasn't the default, but since now it is, the solution for this should come by default as well. The ESET team probably should've considered all the circumstances before making it default.
  7. That's not a solution, though. That's a workaround. I know that disabling it makes it work but an average user doesn't know this and would have no clue. Since ESET has made the decision about secure browser being enabled by default, the solution has to come from ESET as well by default.
  8. There's a keyboard app that I use to type in my language inside browsers and other places. But with ESET and its Keyboard Protection with Secure Browser Mode which is enabled by default, it's not possible to write with it. ESET randomizes every typed letter. This is a trusted app used by thousands or even millions who speak the language. So it's not an ideal situation. There's a decent number of ESET customers in my country and I'm sure most of them have no clue as to why the app is not working. This is a major issue and something should be done to fix it. Any alternative method that requires user interaction cannot be accepted. The solution has to be automatic. The app I mentioned is Avro Keyboard. There is also Bijoy which has more than one variant I think. I don't use that but I'm guessing users of Bijoy are also affected by this. So please do something about it, fix the issue. Link to download Avro: https://www.omicronlab.com/avro-keyboard.html It also has a portable edition that I use. But the issue is present in both.
  9. What you read is correct, Memory Integrity reduces gaming performance. Even Microsoft had to acknowledge it in the end. So if you prefer overall better gaming performance, then disable it. But of course it depends on your system config. On a high-end system, the impact is low enough to ignore, I think.
  10. That's good news. The quicker these die, the better.
  11. Here's an article showcasing a lot of fraudulent web stores. I have not checked them all, so don't know how many are active or not. I urge @Marcos to send these to the malware analysts ASAP so that they can analyze and decide which sites need to be blocked before users get scammed by these. chair6.net – What's the word for a large collection of fraudulent web stores?
  12. Great find and well noticed. This article was written to mainly showcase protection against cryptojackers. Maybe that's why they didn't write it. If the home version can use Intel TDT for cryptojackers then there doesn't seem to be any valid reason for not doing the same for ransomware. I'm not sure of course, just assuming.
  13. Microsoft everywhere writes documents for MD Endpoint only, even though some of those are available for home MD. So it's not possible to know without an official answer. Their shared screenshot shows the MD home version's behavioral detection UI, so it's possible MD Endpoint is not necessary for this.
  14. I'm not who you quoted, but this tool is extremely popular for quite a few years now and is available on GitHub. So if downloaded from the source, it's always the real one. The dev is always active on the malwaretips forum. His apps are also signed and he never publishes a new version before making sure it's not detected by any vendor. It's possible to verify from the app itself whether the changes have been made or not and there are other ways to verify also. So those are not the issues. MD is not bad nowadays, but has some other annoying issues here and there.
  15. Even Microsoft Defender supports Intel TDT. But Microsoft's documents almost never mention home version in anything, even though many Endpoint features are supported. So, I'm not sure if home users also benefit from it.
  16. No, it's on even when Smart App Control is disabled. My SAC got auto disabled 1 day after my Windows 22H2 installation, but the Defender service kept running. It's the same for everyone.
  17. It came enabled by default when Windows 11 came out without third-party AV installed. But a few months later they pushed an update somewhere along the way, either part of a Defender update or Windows update, which disabled the sandbox. It even got disabled in Windows Insider editions. Later it was enabled in Windows 11 insider editions once again. So performance impact or some bugs made MS disable it. I for example found a bug when MD won't delete threats when sandbox is enabled. It only blocked, but didn't delete.
  18. Yeah, it uses some RAM which will vary from system to system, but there's no CPU usage or any disk activity. Any usual methods like GPO don't work to disable the service. Other methods described by turning off tamper protection, taking ownership, changing permission, etc. should work. I have a bat script to disable the Defender service after turning off tamper protection, but won't really recommend that to novice users since the service doesn't cause any harm. So yeah, the Defender service running even with third-party AV installed is currently the expected behavior in Windows 11 22H2.
  19. Since Windows 11 22H2, the Defender service is always on with all AV products. It's the norm now. But it won't cause any CPU or Disk usage, it stays idle but will update signatures at least once a day/after every system start or restart if fast startup is off. I tested Kaspersky even today, and it didn't turn off the Defender service. There must have been some other issues. Mine is freshly installed 22H2 BTW, not an update over 22H1.
  20. Yes it can. This question has been answered multiple times in this thread. So please don't ask it again. Keep using ESET, browse the web safely, and you'll stay protected. This thread can be closed now, I think @Marcos
  21. I understand that. But I just think it's too aggressive to block a whole website if the loaded script is related to ads only. It's fine for malicious scripts. Haven't checked recently, but I saw in the past Kaspersky blocking suspicious ad related script on a website without fully blocking access to it. Might have seen Bitdefender doing it also on some rare occasion. So, it's possible to do that, but ESET takes a different approach. I prefer Kaspersky's approach, but it is what it is. They have their reasons. Anyway, my default browser is set in the Ignore list of HTTPS scanning mainly because of browsing speed impact (it's fast, but it's slow enough that I notice it on 8/10 websites), so it's not an issue for me. My DNS based protection and adblocker are enough for me to avoid HTTPS scanning on the browser.
  22. I see. But if they only serve ads, wouldn't it be better to only block the suspicious scripts instead of blocking the whole site? It's an adblocker's job to block ad scripts, and they do it by blocking the ad related scripts on a webpage without blocking it completely. Without ESET's HTTPS scanning, there is no block from ESET as the ad-related scripts are blocked by the adblocker. Without adblocker+without HTTPS scanning ESET lets me visit the site and only blocks the bad third party connections. With HTTPS scanning + adblocker installed, ESET completely blocks access to the site.
  23. Do these scripts eventually lead to downloading malware if the user doesn't have a third-party AV or any ad blocker installed?