Eset File Security PDF/Phishing.A.Gen

[Matthew Kent 2]

Hi All,

I'm currently trailing Eset File Security for Windows, and it seems to be picking up a lot of my user's PDF files as PDF/Phishing.A.Gen.  It looks like ESET is just flagging them because they've got an embedded link which might lead to a phishing site?

Is it possible to turn off this one single detection?

Thanks,

Matthew

[Marcos 5,074]

Yes, that's correct. PDF files with functional links to phishing are detected as PDF/Phishing.A.Gen. It's not possible to turn off the detection but you can exclude particular files from scanning.

What's the purpose of having PDFs with phishing links deliberately on a machine?

[Matthew Kent 2]

Thanks for the quick reply.

I have several PDFs that have links in them, which are not phishing links, but which trigger ESET.  For example please see the attached PDFs in a zip file.

I'd prefer not to have to exclude all pdf's by file type.

Matthew

 

Edited July 17, 2017 by Matthew Kent

[Marcos 5,074]

Upgrades-v2.pdf contains a link to a non-existing domain with phishing. Since it doesn't pose any risk any more, we'll unblock it as well as the link blocked in the other PDFs. In less than 30 minutes the files should not be detected.

In case you come across possible FPs, please report them to samples[at]eset.com.

[Matthew Kent 2]

Ok I'll continue to submit samples via email.  I suspect that I had so many false positives at first because I scanned for old files and folders from around 2008 so as not to disturb my current users.  I'm now scanning more recent stuff and haven't (yet) had another false positive.

 

Thanks,

Matthew