Jump to content
TzonZ

False positive in Windows mail app?

Recommended Posts

Hello, 

About once a month for the last 3 months I get a detection that seems to me as a false positive, since I cannot explain in any other way how it happens. It occurs either during system scan or when opening the Windows Mail app in Windows 10. The log file from one of this cases is shown bellow. What should I do about it? How can I submit the suspicious file for further analysis?

Thank you, 

John

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">13/6/2018 5:33:46 μμ</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\johnz\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\LoginEmail[4690].pdf</COLUMN>
      <COLUMN NAME="Threat">PDF/Phishing.A.Gen trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">JOHN-TURBOX\johnz</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe (2BB0982898E59FE501C7EF2D85872FF2EFC16F2D).</COLUMN>
      <COLUMN NAME="Hash">2E70DF5E3D428D710C13738F494E32159E4C53F6</COLUMN>
      <COLUMN NAME="First seen here">13/6/2018 5:33:30 μμ</COLUMN>
    </RECORD>
 </LOG>
</ESET>

 

Share this post


Link to post
Share on other sites

Does the Eset alert occur as a result of you opening an e-mail that requests you enter your logon credentials to download a file from a file sharing web site or view/download a file from elsewhere?

Share this post


Link to post
Share on other sites

Hi Marcos

Yes, I did get this email. I get quite a few similar phishing emails. 

I didn't know though that the detection of a phishing email looked like this, so I thought it was a file of the application itself being detected. 

Thank you, 

John

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×