Cross-site request forgery

[JosephKing 3]

I'm interested to know how ESET detects CSRF. Is it actively scanning for commands or just files that make up the website? If you're on a website for a while, and all is well, then an attacker starts sending commands would ESET alert? I never got a mid-session alert. Not too sure if I fully understand how its handled by AV. 

[JosephKing 3]

I think this log file shows an example of XSS.

5/10/22:  HTTP filter;file;
htxxs://www.hastingstribune[.]com/tncms/access/rules;
HTML/ScrInject.B trojan;connection terminated;
Event occurred during an attempt to access the web by the application: 
C:\Users\user\AppData\Local\chrome\Application\chrome.exe 
(C581591A194A29CDF2EE4E3EA36B4A19DAE4C21B).;859684033D6A1B18AA9546AA93DD3DD9648EF0F7;