Bradley M 0 Posted April 24 Share Posted April 24 Good Afternoon, I wanted to reach out to the community to see if anyone else has recently run into issues with this detection name: PDF/Phishing.KnowBe4.A. We have leveraged KnowBe4 in the past for phishing campaigns but just now recently within the last week have started seeing detections for old attachments coming from old phishing campaigns showing with this detection name, we've submitted it to the ESET Samples team just wanted to see if anyone had a similar situation or if the ESET Mods could provide some more context or information on the detection itself? Thank you! Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,085 Posted April 24 Administrators Share Posted April 24 You can create a detection exclusion if you don't want the pdf files used for security awareness phishing tests to be detected. Quote Link to comment Share on other sites More sharing options...
Jerry B 0 Posted April 25 Share Posted April 25 Started receiving the same message this week and wondering how it was determined to be old KB4 campaigns and why eset would flag a phishing test that contains no actual virus malware or trojan and unable to clean them. Quote Link to comment Share on other sites More sharing options...
TLEE 0 Posted April 25 Share Posted April 25 We have also started seeing this message since last week. We are using knowbe4 and have been for a few years now. Quote Link to comment Share on other sites More sharing options...
Bradley M 0 Posted Monday at 02:35 PM Author Share Posted Monday at 02:35 PM Hi Marcos, I appreciate the guidance on the exclusion, we are fine with setting one up but more so we were looking for more information on the detection itself if anyone has any. We've never seen the detection before so we were just wondering if it was new or not. Thank you! Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,085 Posted Monday at 04:20 PM Administrators Share Posted Monday at 04:20 PM A detection exclusion like this should work. You may need to replace "A" with the variant that was detected. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.