itman

By standard user account, I assume you literally mean just that and not the default local admin account. This is done obviously for security reasons. You can alter standard user account privileges using Group Policy. See this article for reference: https://community.spiceworks.com/topic/333331-how-do-i-enable-remote-desktop-for-local-standard-user

You need to first establish what the IPv4 address of the remote device you are trying to connect to via RDP. Then add that IP address to Eset's Firewall -> Advanced -> Zones - edit. Then select Trusted Zone, then the Edit tab. Add the IPv4 IP address there. Click on the OK tab and any other OK tab shown to save your settings.

If this is Win 10 Home version, remote RDP is not supported. You need to purchase a Pro+ version of Windows.

@Marcos did some more testing and found what the issue is. I have Thunderbird set to receive e-mail only in text format. Appears Eset is no longer scanning incoming T-Bird text e-mail. I can live with that since the only thing allowed in text based e-mail are live URL links as far as I am aware of. However, further research needed in this area by Eset. Clicking on those links will force the Win default browser to open and display the web page there. I assume Eset would block anything malicious upon attempted web page access. My other concern was attachments to text e-mail which are also not scanned as verified through testing. I really don't know for fact if those were previously being scanned? However upon opening or attempted saving of the attachment, Eset does detect the malware and deletes the source T-Bird e-mail w/attachment. Eset however does not delete the currently displayed e-mail w/attachment. Correction - Eset does not delete the e-mail or attachment within T-Bird.

Well the below screen shot notes that the ThreatSense engine appears now to only support Outlook or LiveMail e-mail formats. Thunderbird emails use the .mbox extension. Appears Eset previously performed a conversion to .EML format and that was either inadvertently omitted, or done so intentionally. In either case I need to know pronto if this will be fixed or Eset e-mail scanning no longer supports Thunderbird.

Things are worse than I thought. I sent myself an e-mail containing the Eicar test string. Not only did Eset not prior scan the e-mail in Thunderbird. When I opened the e-mail, Eset didn't detect it.

Tried everything I could think of to get T-Bird e-mail scanning to work w/zip results. Need to know if Eset no longer supports e-mail scanning for T-Bird.

@Marcos it appears Eset e-mail scanning is no longer scanning Thunderbird IMAPS incoming e-mail. I turned on ThreatSense detailed logging and have zip log entries related to e-mail.

https://blog.knowbe4.com/byod-really-means-bring-your-own-risk

Reflecting a bit, this issue existed prior to ver. 12.2.23 and started around the time Eset HTTPS ports added the, 0-65535 range to ver. 12.1. "My gut is telling me" this might have hosed the IMAPS and POPS ports usage by Eset's e-mail scanner. Will experiment with excluding the IMAPS ports there and see if that resolves the issue.

It was the first thing I tried. No dice. Nothing further was displayed. Additionally, I tried resetting the statistics. Still no e-mail category. The real question is if Eset is still scanning Thunderbird e-mail which I am having serious doubts about.

Now this is interesting. I just noticed my Win 10 clock time was hosed after rebooting. Got set to 4 hours ahead. Had to re-sync my clock time.

I connect via 1 GB fiber Ethernet. Due to the fact my PC is connected via household wiring via powerlink adapters, my top connection speed is around 250 MB. The Sysrescue virus database download took approx. a minute.. What was odd is the first 40000 KB was almost instantaneous and it slowed after that. Might be due to some Linux network buffering issues or the like. Extrapolating my download speed results to lets say a 30 MB connection. the database download should take in the range of 8 - 10 minutes. This also assumes a full 30 MB download speed w/no ISP throttling going on.

Personally, I don't buy this. There are multiple free HIPS like products on the market that have extensive wildcard support. This capability is far from "rocket science."

What concerns me is the below on-line help quoted last paragraph. This would imply that Eset is no longer scanning Thunderbird incoming e-mail:

HIPS file wildcard support!!!

The forum's primary purpose is to help Eset users with installation or operational issues. As far as bugs and the like, it is very much a hit or miss issue if they ever get fixed. It all depends on if the Eset moderator responding will forward the issue to Eset development for further analysis. On the other hand, opening a support ticket is a "mixed bag," I have had excellent assistance and I have had otherwise. As far as product problem resolution, what I have observed is Eset has the following priority; security vulnerabilities, severe operational issues, and everything else. Some requests although being hinted at multiple times in the forum as to be implemented in the near future, never get implemented. Bottom line - if whatever issue is bugging someone to the point where it becomes intolerable, they are better served by using a different security product.

Ver. 12.2.23. Thunderbird e-mail client. With this category missing, I have no way to verify that Eset is actually scanning my incoming e-mails.

I would start by ensuring all ports on the WAN site of the router are closed and preferably in stealth status. Stealth status means the ports are "invisible" to anyone doing external port scanning against your router. Next, I would check out if you have a device on your internal network for some reason trying to access this device in an unstateful manner. The Eset firewall is stateful. It will only allow inbound TCP packets that are associated with a prior outbound transmission.

Also, check out this forum dedicated to ransomware detection and resolution: https://www.bleepingcomputer.com/forums/f/239/ransomware-help-tech-support/

Make sure your server OS has all security updates applied. Of note is Bluekeep worm patches and these just announced like worm vulnerabilities: https://forum.eset.com/topic/20484-patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-11811182/

I solved the problem by simply not having any scheduled scans. Personally, I believe many using Eset are "scan crazy." Since Eset's real-time protection scans files upon creation and again at execution time, additional off-line scanning really is not necessary. For those that insist on daily scanning of all drives, a good alternative is to use the "Idle time" scan option. This will result in files being continuously scanned when the device is in an idle state.

https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/

A very strong warning here. I just performed a detail scan of this web site using Quttera. It found a whopping 19 malware instances; all Javascript based: https://quttera.com/detailed_report/watchdoctorwhoonline.com

Forgot about that one. It's a new option added in ver. 12.2.23 I beleive.