JamesR

It sounds like you have purchased 2 internet lines. One where you have a WIFI Router, and one where you are directly connected to the internet. You should put a router between your computer and the internet. You can easily purchase a router that uses a physical network cable instead of using wifi. Your Wifi router may even have extra Ethernet ports as well. But the key thing is, a router is what hides your computer from others being able to directly see and attack your computer. In short, you need some form of physical hardware that will assign your computer a private IP address, thus stopping the attacks. I would recommend a router that supports an Ethernet (hardwired) connection instead of Wifi. As you will need hardware to help protect your computer, there is not much else we can do on the forums. I highly recommended that you may want to talk with your ISP or a local computer technician to assist in configuring a router that will support a wired connection.

The ESET Log Collector log you supplied shows you have a public IP address directly on your computer. This means you are not behind a router. This is very insecure and you will continue to see these attacks until you place your computer behind a router. If you contact your Internet Service Provider (ISP), they may refer to a router as a gateway, residential gateway, 2 in 1 modem, etc... If my talk of Router/Gateway and Public IP address is a new concept for you, I recommend working with your ISP or a local computer technician who can assist in setting up a router to hide your computer from the internet. Again, I can not emphasize this enough, it is very dangerous to connect a computer directly to the internet where it will be assigned a public IP address. Doing so will lead to non-stop attacks like the ones ESET is showing you.

I do not believe the process path of VNC is a problem, its likely that you utilized a custom path for the install. However, if you have not installed VNC or do not allow it, remove it. The root of the problem is that the computer triggering these detections is exposed to the the internet (directly or via port forwarding). I highly recommend you perform an audit of your public IP addresses. If needed, contact your ISP to get a list of IPs you own/use from them or use google to search for "whats my IP address" on different segments of your network. Next, from a computer which is not on your network, perform an NMAP scan of your public IP addresses to see which ports are open to the internet and to attempt to identify what services are on those ports. Here is one example command you could use (the command is case sensitive): nmap -sV -F -Pn ipaddress Replace "ipaddress" with your public IP Address. Nmap results where ports are seen as "OPEN" or "Filtered" are exposed to the internet. Filtered simply means the port was seen but NMAP could connect to it. This could be due to the IP you are scanning from being blocked. Close any open ports that are not needed to be exposed to the internet. If you have ports you must have open, consider restricting which IP Addresses are allowed to connect to these port (only specific trusted IPs or maybe only IPs in specific regions). Also consider moving ports to only being accessible via a VPN. And consider applying 2FA to any ports which require users to enter their usernames and passwords (ESET does have a 2FA product, but it does not work with VNC by default). If you are wanting more logging on this, you can do 1 of 2 things (or both): Use Wireshark to capture network traffic on the computer in question Use port mirroring if needed Create a policy in ESET Security Management Center to enable Diagnostic logging to create a PCAP of network traffic In ESMC, create a New Policy and select your product (Likely "ESET Endpoint for Windows"). In Settings, navigate to "Tools (on left) > Diagnostics (on left) > expand "Advanced Logging" on right Turn on "Enable Network Protection Advanced Logging" You can turn on all diagnostics if you want, but you wont need every diagnostic log for this Apply the policy to the computer you want the diagnostic logs from. Do not forget to remove the policy from the computer after you have gathered logs while the attack was logged. Otherwise you will fill the Hard Drive rather quickly. The diagnostic logs will be saved locally to the computer that generated them in "C:\ProgramData\ESET\ESET Security\Diagnostics". The pcap files can be opened and examined in Wireshark. Once done gathering logs, ensure you turn diagnostic logging off. Diagnostic logging should only be used when needed, and not left on indefinitely.