itman (Most Valued Members)

  • Posts: 12,150
  • Days Won: 319

Everything posted by itman

  1. https://help.eset.com/glossary/en-US/canary_file.html . Assumed here is that these are "bait" files, which are commonly used in anti-ransomware apps to detect ransomware encryption activities.
  2. He's referring to Node.js based malware; example here: https://any.run/cybersecurity-blog/lu0bot-analysis/ .
  3. I will also add that Eset doesn't perform SSL/TLS scanning on every HTTPS web site. Select trusted sites known to Eset are excluded.
  4. You can no longer rename or modify any network connection Eset creates other than change its profile type. You can however create a new network connection which Eset now calls a Profile.
  5. True. But this extension will not show when searching Chrome Store Extensions under "Eset" criteria. You can try it in Brave and see if it installs. If it does install, my guess is it won't work.
  6. Not possible. Brave uses extensions from the Chrome Store. The only Eset extension available there is for Eset Password Manager.
  7. As far as Eset's previous detections of this malware, refer to this thread: https://forum.eset.com/topic/36848-jsspybankerkn/ .
  8. The malware is still detected on the web site:
  9. It does not support Brave: https://help.eset.com/essp/17/en-US/banking_and_payment_protection.html?idh_config_bps.html
  10. Yes. However, you are using the Brave browser. Brave is not a browser supported by Secured Browser protection. This leaves you vulnerable to browser memory-based code injection attacks, keyloggers, etc.
  11. There's an older thread in the forum on a similar PowerShell malware. In this case, a rogue sub-directory was created in C:\Windows\System32: https://forum.eset.com/topic/32653-annoying-powershellagentaew-on-each-start-need-assitence/#elControls_152733_menu . In any case, diagnosis will be a bit involved.
  12. Did you enable the HIPS setting shown in the screenshot below? On the other hand, I don't know why Eset HIPS would be blocking that many transactions to create a log of this size.
  13. First, what is msrdc.exe? https://spyshelter.com/exe/microsoft-corporation-msrdc-exe . It appears MS Office apps are trying to modify RDP to establish a remote connection to something? Doesn't appear to be legit activity to me.
  14. Disable Network Inspector via Eset GUI when using the PC at work. Re-enable Network Inspector when using the PC at home.
  15. Website still infected. Get Eset alert upon attempted site access. Here's Sucuri's report on the site: https://sitecheck.sucuri.net/results/epainfo.pl
  16. No, it's a separate company: https://www.safetica.com/company-profile . It does collaborate with Eset on security issues via the Eset Technology Alliance. You can create a support request to Safetica here: https://support.safetica.com/en/knowledge-base/kb-tickets/new .
  17. Instructions for use of Eset's decryptor for TeslaCrypt are here: https://support.eset.com/en/kb6051-how-do-i-clean-a-teslacrypt-infection-using-the-eset-teslacrypt-decrypter . It supposedly works on ver. 3.0 and 4.0 of TeslaCrypt. If this is the decryptor you used and it didn't work, my guess is you got nailed by a TeslaCrypt variant that is not decryptable.
  18. Outlook is included as part of MS Office Pro or via an MS Office 365 subscription. It can be purchased from the MS Store here: https://www.microsoft.com/en-us/microsoft-365/p/outlook/cfq7ttc0hlkq?activetab=pivot:overviewtab . Also, as this article notes: https://support.eset.com/en/kb2138-email-clients-compatible-with-windows-eset-products , Eset currently only supports Outlook via the e-mail scanning plug-in option.
  19. My system is 13 years old also using two HDDs. I have been using Win 10 since 2016 with Eset installed and have never seen this AMSI error.
  20. This has been discussed previously in the forum. Both the installed version of AdGuard and Eset use the Windows Filtering Platform. To use the installed AdGuard and Eset concurrently, you must disable AdGuard's use of the Windows Filtering Platform as shown here: https://adguard.com/kb/adguard-for-windows/solving-problems/wfp-driver/ .
  21. This was discussed in another forum thread which I currently can't find. MBAM is now a full-fledged AV solution and as such now registers itself in Windows Security Center as Eset does. Windows 10/11 only allows one third-party AV to register itself as the active real-time AV solution. This is where the conflict is and the source of the Eset AMSI error. Why this just recently started with devices having both MBAM in real-time mode and Eset installed, only Microsoft knows. The only solution is to disable MBAM real-time mode and run it as an on-demand second-opinion AV.
  22. The Eset recommended anti-ransomware rule for PowerShell child process startup is detecting it starting conhost.exe. You will have to create a HIPS allow rule for this activity. I did. Appears internal PowerShell maintenance scripts used by Windows perform this activity.
  23. What browser did you use to perform the AMTSO test? Eset detects it when using Firefox:
  24. I assume he's connecting to Zoom via the Chrome browser: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0060732#collapseWeb