[Receiving HTML/Refresh.BC trojan for local app development]

I found the culprit. Three was a bad URL in a redirect URL setting

[Receiving HTML/Refresh.BC trojan for local app development]

I'm trying to debug a web application that I inherited. The site has a login-as feature to allow admins to impersonate users. When I try to exercise the functionality locally to debug an issue, the redirect is blocked with ESET indicating an "HTML/Refresh.BC trojan" threat. How do I work around this? The functionality is not flagged as a threat on the published server instances.