CRitzMan 0 Posted February 4, 2021 Share Posted February 4, 2021 Hello, I currently have an issue where one of our end users has a Mac and ESET is constantly detecting HTML/Phishing.Agent.TO - Action is retained. Further, we cannot find the source of the message in the actual mail accounts (O365, Gmail, portals) as the object is some insane string of numbers and letters with no way to match in their respective mail services. Any help would be greatly appreciated. Here is an example of what the CSV of a report pulls: Antivirus;0;someones-mbp;NA;5;HTML/Phishing.Agent.TO;retained;file:///System/Volumes/Data/Users/usersname/Library/Mail/V7/F43159F3-2D22-4AB6-A08F-3268B1040E66/[Gmail].mbox/Spam.mbox/801AD855-2C42-46FF-884B-D71D56525065/Data/3/3/Messages/33435.emlx;;Administrator initiated scan;2021-02-02 12:10:57 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,281 Posted February 4, 2021 Administrators Share Posted February 4, 2021 I think this is what is happening: 1, The user received a scam / phishing email (not malicious) detected as HTML/Phishing.Agent.TO to his or her Gmail address 2, The user downloaded email by Mail application on Mac. Since ESET doesn't support SSL filtering on Mac yet, the email was not detected and was saved to the mailbox. 3, The email was detected during an on-demand scan. Either the scan was run in scan-only mode or we don't clean that format of mailbox. I'd suggest logging to Gmail in a browser and deleting the offending mail in the Spam folder so that it's not downloaded by the client during a sync. Link to comment Share on other sites More sharing options...
Recommended Posts