Everything posted by itman

  1. The default cleaning mode for the Smart scan option is shown in the below screen shot. You can change it to whatever you wish;
  2. Only applicable to ESSP since it is the only consumer version that has LiveGuard. Did you mean LiveGrid instead?
  3. Eset recommends a once-a-month in-depth scan at the minimum. A weekly default Smart scan otherwise should be sufficient; https://help.eset.com/ees/10.1/en-US/?idh_page_scan.html The above stated, Eset's real-time scanning will detect the vast majority of malware upon creation on the local device. Also of note is that Eset performs default scheduled scans of known system areas where malware resides at system startup and after Eset update activities.
  4. It appears the Eset scan cache was not cleared when the second on-demand scan was run. This resulted in results from the first scan influencing the detections from the second scan. Running back to back full on-demand scans is not expected normal scan behavior. This option detects exactly as stated. These apps are not malware per se, but exhibit undesirable behavior such as scams to purchase unneeded services and the like. Due to the fact users might be using such apps as you are, the option is not enabled by default at installation time.
  5. This posting about Facebook use in Vietnam is informative: https://www.washingtonpost.com/world/2023/06/19/facebook-meta-vietnam-government-censorship/ . It also might explain the different home web page. Also, assume Internet communication is actively being monitored there. Since Eset appears to function properly in browsers with a Private mode, that is the mode that should be used for social media access.
  6. I noticed something. The Facebook home page the OP is being directed to does not appear to be the same one I am directed to. I suspect some type of redirection is occurring here;
  7. Looks like you're using Edge as your browser. ESSP blocked facebook.com in Edge both in normal and InPrivate mode on my Win 10 22H2 Pro installation.
  8. It works on ESSP when I add *.facebook.com/* to Eset existing "List of existing blocked address" list;
  9. Have them check if the ISP router has a firewall and it's enabled. Most ISP provided routers these days have a NAT firewall. Also, they are stateful. This means they won't allow unsolicited inbound TCP traffic; i.e. inbound traffic not in response to a prior outbound request. If all the above apply, I would stand by my previous statement that un-patched vulnerable OS or app software exists on the device and an external hacker is trying to exploit it. Also per Eset posted log entries, the target IP address is 140.186.96.15 which is associated with Midcontinent Communications in Fargo, ND. That is a public IP address and not a private IP address which should be associated with the device. As such, something is definitely not right here. -EDIT- Let's say Midcontinent Communications; i.e. Midco, is the user's ISP. He requested and received a static IP address from them; i.e. 140.186.96.15. Note the security issue with static IP assignment; https://www.techtarget.com/whatis/definition/static-IP-address
  10. Maybe. It all depends if Eset can detect the malware. If it's 0-day malware, I would say you will probably be nailed.
  11. That is a distinct possibility. Since the web site is infected, creating an exception for the detection is done at your own peril.
  12. Based on prior forum postings on this topic, one possibility is vulnerable software exists on the device and these detections are attempts to exploit those vulnerabilities. Review of the Eset logs on the device should yield details on the source of these detections.
  13. Refer to this posting for further assistance: https://www.bleepingcomputer.com/forums/t/788610/how-to-repair-encrypted-files-yyza-extension-stop-djvu/?p=5549768 . Note that unless someone else has paid the ransom and provided the decryption key to Emsisoft, it will not be possible to decrypt files using their decrypter tool.
  14. This is a newer Djvu ransomware variant. As such, it is highly unlikely a decryption key exists for it. PCRisk has a detailed article on this ransomware here: https://www.pcrisk.com/removal-guides/27456-yyza-ransomware .
  15. When you were infected with this ransomware, did you have an Eset product installed?
  16. I can access whclab.com w/o issue using Eset. This includes the checkout area where Magecart malware hides.
  17. Per APIVoid, the domain is not parked;
  18. I can connect to this domain w/o issue using Eset. It appears the issue lies with Myfxbook and how they have configured their Eset installation.
  19. Did you try to activate Eset using your existing Eset license key? I have had HDD crashes in the past resulting in Win 10 being installed from scratch on new HDD. Then Eset being installed. I never had an issue activating Eset again using my existing license key.
  20. Note that the Windows Security Center validation is to verify if Eset is properly registered within it. Proper Eset registration yields an "on" status for Eset Security and firewall with Microsoft Defender and Windows firewall showing an "off" status. Ensure you post the result of this verification. Once this verification as to status is completed, we can proceed with other possible causes why the Microsoft Defender Engine process might be running.
  21. Further analysis yields there is a way to provide ACS support for Win 10 1903+ versions. Microsoft has removed all ACS support KBs for Win 10 versions prior to 1903 from the Win Catalog other than LTSB versions. If you refer to Microsoft's article on ACS support: https://support.microsoft.com/en-au/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-fa1e-4ea6-85dd-6630229e8ef4 , you will note there is no KB listed for Win 10 1903. Likewise if you try to install the KB listed for Win 10 1909, that won't work either because it is for LTSB version only. However if you access KB5005611 which is the ACS support KB listed for Win 10 2004, 20H2, and 21H1, it states the update applies to all Win 10 versions 1903 and later; Select the version 21H1 update applicable to your OS version. For additional reference you can refer to the Sophos ACS article: https://support.sophos.com/support/s/article/KB-000045019?language=en_US Finally and important, you need to verify that this certificate, Microsoft Identity Verification Root Certificate Authority 2020, exists in your Win root CA store using certmgr.exe. If it does not, you will need to download and install the certificate manually. Refer to the above linked Microsoft ACS article on how to do that.
  22. I have a suspicion why Eset might be throwing a detection on this game. A couple of comments from Reddit; https://www.reddit.com/r/gaming/comments/11ef1ga/i_just_downloaded_riders_republic_and_its_making/