-
I’m attaching a graphic of my Rule. When you set the Rule, do one for every account on your box. You’ll see I have left a few check-boxes blank, this is because I don’t need to be bothered by the details, I’ve got better things to do.
When you build your Rules, add one for C:\Program Data. This is another place that nothing should ever execute from.
I’m still suspicious that the .bat was possibly a payload. I have never seen those files in that location, but OTOH yours is Win10, which is a very strange OS.
When I said “run a good on-demand scan”, I meant “point it at C: and let it sniff everything” — another reason for keeping your data off the Windows drive!
Attachments:
_________________________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]00
