PDF/Phishing.KnowBe4.A Detection Question

[Bradley M 0]

Good Afternoon,

I wanted to reach out to the community to see if anyone else has recently run into issues with this detection name: PDF/Phishing.KnowBe4.A. We have leveraged KnowBe4 in the past for phishing campaigns but just now recently within the last week have started seeing detections for old attachments coming from old phishing campaigns showing with this detection name, we've submitted it to the ESET Samples team just wanted to see if anyone had a similar situation or if the ESET Mods could provide some more context or information on the detection itself?

Thank you!

[Marcos 5,085]

You can create a detection exclusion if you don't want the pdf files used for security awareness phishing tests to be detected.

[Jerry B 0]

Started receiving the same message this week and wondering how it was determined to be old KB4 campaigns and why eset would flag a phishing test that contains no actual virus malware or trojan and unable to clean them.       

[TLEE 0]

We have also started seeing this message since last week.  We are using knowbe4 and have been for a few years now.  

 

 

[Bradley M 0]

Hi Marcos,

I appreciate the guidance on the exclusion, we are fine with setting one up but more so we were looking for more information on the detection itself if anyone has any. We've never seen the detection before so we were just wondering if it was new or not.

Thank you!

[Marcos 5,085]

A detection exclusion like this should work. You may need to replace "A" with the variant that was detected.