Matthew Kent 2 Posted July 17, 2017 Posted July 17, 2017 Hi All, I'm currently trailing Eset File Security for Windows, and it seems to be picking up a lot of my user's PDF files as PDF/Phishing.A.Gen. It looks like ESET is just flagging them because they've got an embedded link which might lead to a phishing site? Is it possible to turn off this one single detection? Thanks, Matthew
Administrators Marcos 5,446 Posted July 17, 2017 Administrators Posted July 17, 2017 Yes, that's correct. PDF files with functional links to phishing are detected as PDF/Phishing.A.Gen. It's not possible to turn off the detection but you can exclude particular files from scanning. What's the purpose of having PDFs with phishing links deliberately on a machine?
Matthew Kent 2 Posted July 17, 2017 Author Posted July 17, 2017 (edited) Thanks for the quick reply. I have several PDFs that have links in them, which are not phishing links, but which trigger ESET. For example please see the attached PDFs in a zip file. I'd prefer not to have to exclude all pdf's by file type. Matthew Edited July 17, 2017 by Matthew Kent jeifabdi 1
Administrators Marcos 5,446 Posted July 17, 2017 Administrators Posted July 17, 2017 Upgrades-v2.pdf contains a link to a non-existing domain with phishing. Since it doesn't pose any risk any more, we'll unblock it as well as the link blocked in the other PDFs. In less than 30 minutes the files should not be detected. In case you come across possible FPs, please report them to samples[at]eset.com.
Matthew Kent 2 Posted July 17, 2017 Author Posted July 17, 2017 Ok I'll continue to submit samples via email. I suspect that I had so many false positives at first because I scanned for old files and folders from around 2008 so as not to disturb my current users. I'm now scanning more recent stuff and haven't (yet) had another false positive. Thanks, Matthew
Recommended Posts