Jump to content

False positive in Windows mail app?


Recommended Posts

Hello, 

About once a month for the last 3 months I get a detection that seems to me as a false positive, since I cannot explain in any other way how it happens. It occurs either during system scan or when opening the Windows Mail app in Windows 10. The log file from one of this cases is shown bellow. What should I do about it? How can I submit the suspicious file for further analysis?

Thank you, 

John

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">13/6/2018 5:33:46 μμ</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\johnz\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\LoginEmail[4690].pdf</COLUMN>
      <COLUMN NAME="Threat">PDF/Phishing.A.Gen trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">JOHN-TURBOX\johnz</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe (2BB0982898E59FE501C7EF2D85872FF2EFC16F2D).</COLUMN>
      <COLUMN NAME="Hash">2E70DF5E3D428D710C13738F494E32159E4C53F6</COLUMN>
      <COLUMN NAME="First seen here">13/6/2018 5:33:30 μμ</COLUMN>
    </RECORD>
 </LOG>
</ESET>

 

Link to comment
Share on other sites

Does the Eset alert occur as a result of you opening an e-mail that requests you enter your logon credentials to download a file from a file sharing web site or view/download a file from elsewhere?

Link to comment
Share on other sites

Hi Marcos

Yes, I did get this email. I get quite a few similar phishing emails. 

I didn't know though that the detection of a phishing email looked like this, so I thought it was a file of the application itself being detected. 

Thank you, 

John

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...