TzonZ, posted June 15, 2018

Hello,

About once a month for the last 3 months I get a detection that seems to me to be a false positive, since I cannot explain in any other way how it happens. It occurs either during a system scan or when opening the Windows Mail app in Windows 10. The log file from one of these cases is shown below. What should I do about it? How can I submit the suspicious file for further analysis?

Thank you,
John

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">13/6/2018 5:33:46 μμ</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\johnz\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\LoginEmail[4690].pdf</COLUMN>
      <COLUMN NAME="Threat">PDF/Phishing.A.Gen trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">JOHN-TURBOX\johnz</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe (2BB0982898E59FE501C7EF2D85872FF2EFC16F2D).</COLUMN>
      <COLUMN NAME="Hash">2E70DF5E3D428D710C13738F494E32159E4C53F6</COLUMN>
      <COLUMN NAME="First seen here">13/6/2018 5:33:30 μμ</COLUMN>
    </RECORD>
  </LOG>
</ESET>

itman, posted June 15, 2018

Does the Eset alert occur as a result of you opening an e-mail that requests you enter your logon credentials to download a file from a file sharing web site or view/download a file from elsewhere?

Marcos (Administrators), posted June 15, 2018

It's clearly a phishing:

galaxy, posted June 19, 2018

That's it ;-)

TzonZ (Author), posted June 19, 2018

Hi Marcos,

Yes, I did get this email. I get quite a few similar phishing emails. I didn't know though that the detection of a phishing email looked like this, so I thought it was a file of the application itself being detected.

Thank you,
John
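
The distinction this thread settles (a phishing attachment saved by the Mail app versus a file of the app itself) can be read from the Object and Information columns of the log in the first post. The Python sketch below is an added example, not part of the original thread and not ESET code. It assumes the Mail app stores downloaded attachments under LocalState\Files, and its sample records are constructed with placeholder names and hashes.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the export layout from the first post; the user name,
# file names and hashes are placeholders, not values from a real detection.
SAMPLE = r'''<?xml version="1.0" encoding="utf-8" ?>
<ESET><LOG>
<RECORD>
<COLUMN NAME="Object">C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Invoice[1].pdf</COLUMN>
<COLUMN NAME="Threat">PDF/Phishing.A.Gen trojan</COLUMN>
<COLUMN NAME="Action">cleaned by deleting</COLUMN>
<COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe (0000000000000000000000000000000000000000).</COLUMN>
</RECORD>
<RECORD>
<COLUMN NAME="Object">C:\Users\user\Downloads\setup.exe</COLUMN>
<COLUMN NAME="Threat">EXAMPLE/Placeholder.A</COLUMN>
<COLUMN NAME="Action">cleaned by deleting</COLUMN>
<COLUMN NAME="Information"></COLUMN>
</RECORD>
</LOG></ESET>'''

MAIL_PKG = "microsoft.windowscommunicationsapps_"
# Assumption: the Mail app stores downloaded attachments under LocalState\Files.
MAIL_CACHE = re.compile(r"\\Packages\\" + re.escape(MAIL_PKG) + r"[^\\]+\\LocalState\\Files\\", re.I)
CREATOR = re.compile(r"created by the application: (.+?) \(([0-9A-Fa-f]{40})\)")

def parse_records(xml_text):
    """Return each <RECORD> as a dict keyed by the COLUMN NAME attribute."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return [{c.get("NAME"): c.text or "" for c in rec.findall("COLUMN")}
            for rec in root.iter("RECORD")]

def triage(rec):
    """Tell a quarantined mail attachment apart from other detections."""
    m = CREATOR.search(rec.get("Information", ""))
    creator = m.group(1) if m else ""
    attachment = bool(MAIL_CACHE.search(rec.get("Object", ""))) and MAIL_PKG in creator.lower()
    return {
        "file": rec.get("Object", "").rsplit("\\", 1)[-1],
        "threat": rec.get("Threat", ""),
        "creator": creator.rsplit("\\", 1)[-1],
        "verdict": "mail attachment" if attachment else "needs review",
    }

if __name__ == "__main__":
    for r in parse_records(SAMPLE):
        print(triage(r))
```

A "mail attachment" verdict means the detected object arrived with a message and was written to disk by the mail client, so the next thing to check is the e-mail it came from rather than the application's installation.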