itman

Kaspersky just published an analysis on CamScanner:
https://securelist.com/dropper-in-google-play/92496/

https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/

My cleaner module ver. is currently 1195 dated 6/10. I could have swore that it had been previously updated to 1198.
Check what ver. your cleaner module is. If its not 1198, you will have to switch to pre-release updates to get it.

An absolutely fascinating article:
https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/

https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/

Make sure your server OS has all security updates applied. Of note is Bluekeep worm patches and these just announced like worm vulnerabilities: https://forum.eset.com/topic/20484-patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-11811182/

A very strong warning here.
I just performed a detail scan of this web site using Quttera. It found a whopping 19 malware instances; all Javascript based:

https://quttera.com/detailed_report/watchdoctorwhoonline.com

The simplest solution for this assuming you're not using a proxy connection is to do what U.S.-CERT recommends:
https://www.us-cert.gov/ncas/alerts/TA16-144A
In Win 10, turn off all proxy settings as shown in the below screen shot:

As far as browsers go, almost all are set by default to use OS proxy settings.

As far as AV labs tests go, they have to be scrutinized for discrepancies. For example, on the latest comparative from A-V Comparatives, Windows Defender had an unusually high false positive rate using a much smaller malware sample size. Whereas on the latest AV-Test business test, WD had a low FP rate for a much larger malware sample size.
Bottom line - take AV lab test results as a rough approximation in regards to a security solutions real world malware performance. Also always review as many test reports as you can from different AV labs and again, look for discrepancies.

ESET didn't fail to protect the user. This is proved by the fact that ESET had recognized the ransomware for a long time before the user got infected which means that ESET must have been paused or otherwise deactivated by an attacker.
Because of continual trolling despite giving numerous warnings and complaints from other users, we'll ban Novice as of now.

Worthless if the attacker has remote control of the system. He will just enter the CAPCHA characters as you would if physically present at the device. As far as the CAPCHA validation server is concerned as long as the response are the valid characters requested, it satisfies the validation.
Solutions such as Emsisoft primarily use CAPCHA to control disabling of real-time protection; not to validate software being uninstalled. Your best protection against hidden misuse of software uninstallers is to always keep UAC at its maximum level. This will ensure you get a UAC alert when such activity is taking place.
Your overall best protection against unwanted system activities is to always use a standard user account for normal system activities. As such, any unwanted system activities requiring elevated privileges such as software install/uninstall will fail since that account lacks those privileges.

Microsoft added Tamper Protection in Win 10 1903. Oddly, it has to be manually enabled.
I keep looking for a published bypass if it, but so far so good for Microsoft. It also appears to "have held its own" against the latest and greatest version of Trickbot which tried its darnedest to disable it:
https://www.bleepingcomputer.com/news/security/new-trickbot-version-focuses-on-microsofts-windows-defender/
Such can not be said for MalwareBytes or Sophos.

Well, I guess we have "come full circle" on this discussion. So let's summarize the options:
1. Local Chromecast dongle IP address exclusion. The Kaspersky article implies multiple addresses might be needed. Don't know fully what that is about but could imply router dynamic address assignment. Therefore static address assignment would be required as previously posted.
2. Exclude port 8009 from SSL/TLS protocol scanning. No qualms with this one since it wasn't being previously scanned. I also believe other ports might need exclusion but "time will tell" on that one.
My own thoughts on this issue is the whole subject of allowing an IoT device direct access to your PC. But that's another separate topic discussion.
A footnote comment. Eset has "opened Pandora's Box" in regards to future issues in regards to performing SSL/TLS scanning of all ports. I for one, will avoid assistance on any of those issues.

The security report referenced is the aggregate event status one that shows ever 30 days.
When you have questions about Eset settings, always click on the "?" on the GUI page. This will open Eset on-line product help which will show detailed explanations for the settings: https://help.eset.com/eis/12/en-US/idh_config_ui_notifications.html

Try the help page here under 'problem accessing a device on your network'
https://help.eset.com/ees/7/en-US/solving_problems_protocol_filtering.html
adding the chromecast ip address to the exclude list worked for me.
Find the address in google home app - tap the icon for your chromecast device, tap settings (gear symbol), scroll down to information

As far as the first three reasons given, it's a fair assumption.
In prior endpoint attacks where logs or specific details were provided, RDP was always the attackers entry point into the network. Once in the network, he could easily access any device where Eset was installed. Even if password protected, it could be bypassed via keystroke capture using a keylogger or other credential capture means.
Further, there has been at least one forum poster who was been repeatedly attacked via RDP despite being initially warned and advised on how to properly secure it.
To set the record straight, the vast majority of ransomware incidents posted in the forum involved business networks. The individual user postings I have seen are from those seeking help or a decrypter and don't even have Eset installed. Or, they naively installed Eset after the ransomware incident in belief it could both remove the ransomware and decrypt their files.

https://www.vice.com/en_us/article/9kxp83/researchers-easily-trick-cylances-ai-based-antivirus-into-thinking-malware-is-goodware
Every AV company must not rely on machine learning itself. We use a combination of different approaches, including AI and ML, as also mentioned at https://www.eset.com/int/about/technology/.
 
Related documents and articles:
https://www.eset.com/blog/enterprise/is-the-ai-hype-muddling-the-meaning-of-machine-learning/
https://cdn1.esetstatic.com/ESET/BLOG/Whitepapers/2018/ESET_AI_hype.pdf
https://www.welivesecurity.com/wp-content/uploads/2019/02/ESET_MACHINE_LEARNING_ERA.pdf
 

It's detected now:

 

That is not correct. See the below screen shot for Win 10 x(64) 1809.
There are only three cases when these services would be running:
1. Windows Defender is the default realtime scanner.
2. Windows Defender periodic scanning option has been manually enabled.
3. Effective with Win 10 1809 if the third party AV solution installed does not use the Windows Early Launch Anti-malware driver, Windows will additionally activate WD's realtime protection. It will run concurrent with the third party AV realtime solution.
In any other instance when WD's realtime protection is running concurrent third party AV realtime protection, it would be indicative of either a malfunction within Windows itself or the third party AV solution installation processing malfunctioned.

 

I certainly would not block smartscreen.exe since it is a Win 10 native protection mechanism.

Background
For some time, there have been forum postings regarding Eset's scoring in this test series. This has resulted in long and oftentimes mindless discussions on this issue. I am sure Eset has better use for its forum disk space.
Solution
Microsoft a while back adopted the use of published AV lab "transparency" reports to respond to its scoring in select AV lab tests. Their reports reflect typical Microsoft verbose detailing as only a concern with the resources it has to allocate to such an undertaking. Here's an example of a transparency report: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports .
I think it would be sufficient that Eset's report simply state the samples missed along with a brief explanation as to the cause for non-detection and corrective action implemented. Of course, there should be verbiage provided if Eset disputed the AV lab non-detection finding.  

As far as I am aware of, you can't use certificate exclusions this way. They are use primarily to exclude a web site from being scanned.
So your statement is correct; Eset's build-in scanning exclusion list overrides everything.

I never attempted to block Cortana using Eset HIPS. I use O&O ShutUp 10 to "harness" its activities.

Oh, my. This is one reason why I am always hesitant about showing my HIPS rules when asked. You should review HIPS rule creation using Eset built-in online help on the subject.
1. For the first screen shot. change the Rule name prefix from "CameRule:" to "User rule:" All user created rules should use this prefix. No need to log any events since you already know you're blocking Edge start up. Click the "Next" button.
2. As far as the second screen - Source applications, you ignored my previously posted instructions. Click on the down arrow next to where "Specific applications" is displayed and select "All applications." Click the "Next" button.
3. Your next screen displayed at this point should be Application operations. Deselect "All application operations." Select "Start new application." Click the "Next" button.
4. The next screen displayed should be "Applications." Click on the down arrow next to where "All applications" is displayed and select "Specific applications." Click on the "Add" tab. Now enter the full path name for Edge there. Warning - verify that the EDGE .exe is actually stored at that location. Remember what I posted previously is for ver. 1809. Click on the "Finish" button.
5. Click on any subsequent "OK" button shown to save your newly created HIPS rule.
6. Reopen the HIPS section and verify that your rule was created as specified.
Note this is my last instruction posting to you on how to create HIPS rules.

Microsoft a while back got a lot of free press on how Windows Defender ATP was able to detect a a zero day malware. What Microsoft didn't publicly disclose at the time but did so later via a blog detailed analysis of the incident is the following. At least 6 WD ATP installations were infected by the malware prior to Azure AI cloud server analysis returned a positive identification of malware status. BTW - those infected installations were all located in a specific region within Russia.
Bottom line - there is no such thing as 100% 0-day protection. If there was, that concern would in short order be the only security solution used and all other AV vendors would cease to exist.