Listo

Members · Posts: 3 · Location: USA
  1. I think we are discussing slightly different products, since I'm on Endpoint Security, not Endpoint Antivirus. Those menus aren't quite the same for me. I did find this, specifically stating they don't give alerts.
  2. Actually my configuration is exactly that, other than I'm using the business version, Endpoint Security, rather than Endpoint Antivirus. It doesn't alert on blocked connections for me, but they are in the logs. I have email alerts enabled too, so for viruses I do get both an alert and an email.
  3. I'm getting a lot of these blocked as well. We moved an RDP listening port to a non-standard port on a specific device that was routed to 1 Windows 10 PC. ESET picked up the port being probed and allowed that until December 11, when it then blocked access to communication to svchost.exe from specific IP addresses under Rule/Worm name Botnet.CnC.Generic. All of these were inbound; there was no outbound traffic. The blocking started at the exact same time the Detection Engine was updated to version 20494. Instantly we started getting the blocking. The most common source was 193.188.22.80, which was registered to an address in Los Angeles, CA to a Russian name and resolves to a Russian address. We blocked that port's inbound access at the firewall and that shut it all down. My read on this is that the bots first find an open port, and then attempt to identify what protocol it is looking for. They then try a brute force attack, thousands or millions of times against that port. We were getting up to 6 hits a second against this port when we shut it off. I suspect that version 20494 had a list of botnet sources that was implemented for blocking, or was able to read their signature somehow. I'm very appreciative that this all happened automatically, but I would have liked the intervention to be more obvious and send me alerts rather than discovering it in the logs on my own.
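The third post found the brute-force burst only by reading the logs afterwards. As an added example (not from the poster or from ESET), the script below runs over constructed connection-log lines and flags any source whose inbound hit rate against the moved listening port reaches a per-second threshold, the kind of check that would have surfaced the 6-hits-a-second pattern as an alert. The log format, the port 33891 and the IP addresses are all constructed for the example.

```python
"""Flag inbound connection bursts against a single listening port.

Added example, not from the forum post or from ESET. The four-column
log format below is constructed for this example, not ESET's own.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: timestamp, direction, source IP, destination port.
# 203.0.113.5 hammers the moved RDP port (33891, constructed) six times
# in one second; the other lines are background traffic.
SAMPLE_LOG = """\
2019-12-11T10:00:00 in 203.0.113.5 33891
2019-12-11T10:00:00 in 203.0.113.5 33891
2019-12-11T10:00:00 in 203.0.113.5 33891
2019-12-11T10:00:00 in 203.0.113.5 33891
2019-12-11T10:00:00 in 203.0.113.5 33891
2019-12-11T10:00:00 in 203.0.113.5 33891
2019-12-11T10:00:01 in 203.0.113.5 33891
2019-12-11T10:00:01 in 198.51.100.7 33891
2019-12-11T10:00:02 in 198.51.100.7 33891
2019-12-11T10:00:02 out 192.168.1.20 443
2019-12-11T10:00:03 in 192.0.2.9 22
"""

def parse(log):
    """Yield (timestamp, direction, source_ip, dest_port) per log line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, direction, ip, port = line.split()
        yield datetime.fromisoformat(ts), direction, ip, int(port)

def peak_rates(log, port):
    """Return {source_ip: max inbound hits in any single second} for port."""
    per_second = defaultdict(Counter)   # ip -> Counter(second -> hits)
    for ts, direction, ip, dport in parse(log):
        if direction == "in" and dport == port:
            per_second[ip][ts.replace(microsecond=0)] += 1
    return {ip: max(hits.values()) for ip, hits in per_second.items()}

def flag_sources(log, port, per_second_threshold):
    """Sorted source IPs whose peak inbound rate meets the threshold."""
    return sorted(ip for ip, peak in peak_rates(log, port).items()
                  if peak >= per_second_threshold)

if __name__ == "__main__":
    print(peak_rates(SAMPLE_LOG, 33891))
    print(flag_sources(SAMPLE_LOG, 33891, per_second_threshold=5))
```

Feeding the real firewall or endpoint log into `parse` (after adapting the column split to its actual format) and wiring `flag_sources` to an email or ticket would give the proactive alert the post asks for.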