Jump to content

Repeated detected items in Mac Outlook, deleted, but repeats continually


Recommended Posts



I currently have an issue where one of our end users has a Mac and ESET is constantly detecting HTML/Phishing.Agent.TO - Action is retained. Further, we cannot find the source of the message in the actual mail accounts (O365, Gmail, portals) as the object is some insane string of numbers and letters with no way to match in their respective mail services. Any help would be greatly appreciated. Here is an example of what the CSV of a report pulls:


Antivirus;0;someones-mbp;NA;5;HTML/Phishing.Agent.TO;retained;file:///System/Volumes/Data/Users/usersname/Library/Mail/V7/F43159F3-2D22-4AB6-A08F-3268B1040E66/[Gmail].mbox/Spam.mbox/801AD855-2C42-46FF-884B-D71D56525065/Data/3/3/Messages/33435.emlx;;Administrator initiated scan;2021-02-02 12:10:57



Link to comment
Share on other sites

  • Administrators

I think this is what is happening:
1, The user received a scam / phishing email (not malicious) detected as HTML/Phishing.Agent.TO to his or her Gmail address
2, The user downloaded email by Mail application on Mac. Since ESET doesn't support SSL filtering on Mac yet, the email was not detected and was saved to the mailbox.
3, The email was detected during an on-demand scan. Either the scan was run in scan-only mode or we don't clean that format of mailbox.

I'd suggest logging to Gmail in a browser and deleting the offending mail in the Spam folder so that it's not downloaded by the client during a sync.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...