Hi Expert,
I'm sorry for late reply, I'm away for few days.
Status update:
MS17-010 was patched, but still show some outbound TCP. And, Avast is confirmed install on this machine.
I have request to uninstall it since all the outbound TCP means the attack is from this machine by Avast. But, this need to see how the local admin to contact that user as his feedback is use Avast to scan industry machine computer.
I'm interested that why Symantec can't do the same job, hope that we have the feedback from the users.
By the way, do you guys think this is very critical? Because from the severity level, it is marked critical.
What else I should do if this user refuse to uninstall Avast? Please advise if something I can do?
I'm sorry for the bad english.
Best regards,
Loh