itman

Again, this is for 2018. I posted a link above for the current 2019 test.

https://www.wilderssecurity.com/threads/how-do-i-stop-edge-from-automatically-starting.406358/

Here we go again. Windows Defender had a whopping 74 false positives in this test. Refer to the below screen shot that clearly shows that WD "block-at-first-sight" was set to aggressive setting level; basically blocking execution of any process without established reputation. Whereas this might be acceptable to advanced security level professionals, it certainly isn't so for the average user; especially for corp. users. -EDIT- Also 55 of the WD 74 false positives were user dependent block/allow action. It is a no-no to have the user decide if a process is malicious or not: Ref.: https://www.av-comparatives.org/tests/real-world-protection-test-february-may-2019/ Finally and most important, note the following. A-V C does not factor false positive scoring into its protection scores for its realtime tests as is done for its more comprehensive malware protection test series. Using the above false positive scoring criteria of 50% of user decisions are wrong, WD would have scored 27/752 or 96.4% placing it at the bottom of the protection scoring heap.

Refer to wilderssecurity.com that has multiple postings on this issue. In summary, Win 10 will try it's darnedest to keep Edge always running. Since I don't use Edge as my browser, I just block its start up with an Eset HIPS rule. This has resolved the issue for me.

Might be a problem with Win 10 1903. SysInspector works fine on Win 10 1809.

The Autoruns screen shot I posted just showed the current registry settings. These have to be added manually via Regedit or possible by Group Policy: This type of activity should be restricted via Group Policy setting.

A-V C is "very creative" when it comes to finding samples for its Realtime test series. It's not uncommon for it to slip in a few samples that are geographically restricted to one country and/or region within with an "in-the-wild" dispersion of < 10. The odds of encountering one these samples in close to zero.

I assume the reference is to this year's most recent A-V C Realtime test where Eset scored 98.4%; approximately the same as it has previously scored recently in this test series. If one has concerns about Eset, refer to this more comprehensive test series where over 10,000 malware samples are used: https://www.av-comparatives.org/tests/malware-protection-test-march-2019/ . Eset scored 99.86% for malware protection. Again, this is only one AV Lab's test; and test series for that lab. Refer to all the AV lab tests that Eset participates in and you will observe that Eset is a top scorer overall.

I did some testing a while back in regards to Edge and Eset B&PP. Now, it is possible things have changed since then. I set Edge to my default browser. Manually running Eset B&PP from the desktop opened Edge as a protected browser w/o issue. Whether Eset B&PP was fully functional in regards to keystroke protection and the like, I did not test for.

I use Thunderbird. I just checked my e-mail and had no problem connecting to AOL servers using IMAPS using EIS 12.1.34. I also run Win 10 x(64) 1809. Did you just recently upgrade to Win 10 x(64) 1903 on the device with T-Bird e-mail issues? Are the PCs w/o issues also running Win 10 x(64) 1903?

I use the registry debugger option for .exe's that can run from any directory. I set them to open as svchost.exe which immediately terminates: Eset HIP rule to block any write activity to C:\PROGRAM FILES\TIXAT\*.* would prevent anything being created in the folder. Eset HIPS rule to block any application startup in %homepath%\AppData\Roaming\*.* would prevent any program startup in that or any sub-directories. Also note this in regards to using variables in Eset HIPS rules: https://forum.eset.com/topic/15740-environment-variables-for-hips-rules/?do=findComment&comment=77806

It might have something to do with the status of the specific user account. For example, the "All Users" account is considered an operating system directory and is not shown by default in Windows Explorer. I suspect that "\\" use as far as the Eset HIPS goes might only work for directories that are not hidden by default. It also might not work based on user account status. For example if the user logs in as standard user, versus a local admin.

Since this is a new license, you might try this: https://www.eset.com/us/activate/ Appears this will create a new Eset account specific to this license. Also appears that a cd-key can be enter here since the web site refers to "retail code" that I assume is the cd-key.

Correct. Hopefully, this new decrypter will allow for previously encrypted files that were saved to now be decrypted. Unfortunately, concerns still don't backup their files in spite of the ransomware threat.

https://www.europol.europa.eu/newsroom/news/just-released-fourth-decryption-tool-neutralises-latest-version-of-gandcrab-ransomware