So, there is something on that machine that attempts router exploits. After not getting AI Protection blocks since October of 2021, they started again in Jan & Feb 2022 even though Internet access was disabled for the client IP at the router. This pisses me off, so I would like to solicit the opinions of the experts here about the following.
I have a log file of attempted exploits, with date and timestamp. Is there a way to try to marry up exploit attempts with activity on the client? To see who was using the phone at that time, so to speak. If I could see what was going on in the narrowed time frame, I might find the culprit. What tool(s) would help to reveal that? (Event Viewer, Process Explorer/Monitor, some Windows log, other admin tools, etc.)
If you were to attempt it, how would you go about it? Or is it a stupid approach?
FWIW, I've run everything from rkill -> Avast -> MS Malicious Software Removal, etc. several times. I've clearly not caught it and I'm going to hunt it down.