PDF/Phishing.KnowBe4.A Detection Question


Good Afternoon,

I wanted to reach out to the community to see if anyone else has recently run into issues with this detection name: PDF/Phishing.KnowBe4.A. We have leveraged KnowBe4 in the past for phishing campaigns, but just recently, within the last week, we have started seeing detections for old attachments coming from old phishing campaigns showing with this detection name. We've submitted it to the ESET Samples team; I just wanted to see if anyone had a similar situation or if the ESET Mods could provide some more context or information on the detection itself.

Thank you!


  • Administrators

You can create a detection exclusion if you don't want the PDF files used for security awareness phishing tests to be detected.


Started receiving the same message this week and wondering how it was determined to be old KB4 campaigns, and why ESET would flag a phishing test that contains no actual virus, malware or trojan and be unable to clean them.


We have also started seeing this message since last week. We are using KnowBe4 and have been for a few years now.


Hi Marcos,

I appreciate the guidance on the exclusion. We are fine with setting one up, but more so we were looking for more information on the detection itself, if anyone has any. We've never seen the detection before, so we were just wondering if it was new or not.

Thank you!


  • Administrators

A detection exclusion like this should work. You may need to replace "A" with the variant that was detected.

image.png


  • 2 weeks later...
  • Administrators
8 minutes ago, BobbyHolcomb said:

Replying for the updates.

Were there any problems using the above detection exclusion?


While the exclusion does resolve the issue, I was hoping for more context as to why this detection all of a sudden started triggering when we've been using KnowBe4 attachments for years.
