Jump to content

JxMcGeary

Members
 View Profile  See their activity

  • Content Count

    7

  • Joined

  • Last visited

Kudos

0 Newcomer Reputation badge

See kudos

Profile Information

  • Location
    USA
  1. JxMcGeary
    Okay, I was able to pause the protection and zip up the file, but before I submitted it I checked it out. It appears that ESET believes the one URL in the file points to a phishing site. The url in question points to https://www.mizuhoamericas.com , which is an investment banking site. Given that my company does legitimate business with Mizuho Americas, we believe this URL classification is a false positive. I'll submit the zipped file shortly.
  2. JxMcGeary
    I checked. Livegrid feedback's enabled. The instant I try to restore the file so I can upload it anywhere, ESET detects it again and deletes it again. I have had this happen both when restoring it on the machine itself and when restoring it from the security center. 'Upload' is apparently an option if I check the file in the security center rather than on the machine, but that asks for a Windows or SMB share to upload the file to, rather than giving me the option of uploading it to ESET.
  3. JxMcGeary
    Can't. Submit for analysis is grayed out. ESET appears to insist on deleting it even though it says it's in quarantine.
  4. JxMcGeary started following Multiple computers reporting JS/Kryptik-BPH but 'completion dates' in the past and ESET Endpoint Security PDF/Phishing.A.Gen possible false positive?
  5. JxMcGeary
    We got a scan result of phishing.a.gen on a PDF on one of our users' hard drives this morning. The file appears to have been legitimate, but I'd like to upload it for analysis since I know that pdf/phishing.a.gen can be triggered as a detection any time a PDF contains links to what ESET considered phishing domains. I can see the file in quarantine in the ESET Security Management Center. How do I upload it for proper analysis, or other examination for possible false positives in the event that a domain in the PDF's links is falsely marked 'phishing'?
  6. JxMcGeary
    Thank you.
  7. JxMcGeary
    Thank you, Marcos. Does that mean the file was adware, or just that the definition was an incorrect marking? I need to pass the information to my boss.
  8. JxMcGeary
    Merganser users this morning (we're on ESET Endpoint Security 7.2.2055.0) got pop-ups from their scanners saying that JS/Kryptik-BPH had been blocked from accessing their machines. I ordered a full scan with cleaning on all user computers and similar scans on our servers. We've had multiple users' scans complete with JS/Kryptik-BPH detections in the caches of Chrome, Edge, and the Bloomberg WebView In-Terminal Browser, but when I check these detections in the ESET Security management Center report, it shows 'scan time of completion' as a date significantly in the past- some users in January, s
×
×
  • Create New...