Bradley M, posted April 24
Good Afternoon, I wanted to reach out to the community to see if anyone else has recently run into issues with this detection name: PDF/Phishing.KnowBe4.A. We have leveraged KnowBe4 in the past for phishing campaigns, but just now recently, within the last week, have started seeing detections for old attachments coming from old phishing campaigns showing with this detection name. We've submitted it to the ESET Samples team; just wanted to see if anyone had a similar situation or if the ESET Mods could provide some more context or information on the detection itself? Thank you!

Marcos (Administrators), posted April 24
You can create a detection exclusion if you don't want the PDF files used for security awareness phishing tests to be detected.

Jerry B, posted April 25
Started receiving the same message this week and wondering how it was determined to be old KB4 campaigns and why ESET would flag a phishing test that contains no actual virus, malware or trojan and unable to clean them.

TLEE, posted April 25
We have also started seeing this message since last week. We are using KnowBe4 and have been for a few years now.

Bradley M (Author), posted April 29
Hi Marcos, I appreciate the guidance on the exclusion. We are fine with setting one up, but more so we were looking for more information on the detection itself if anyone has any. We've never seen the detection before, so we were just wondering if it was new or not. Thank you!

Marcos (Administrators), posted April 29
A detection exclusion like this should work. You may need to replace "A" with the variant that was detected.

BobbyHolcomb, posted May 13
Replying for the updates.

Marcos (Administrators), posted May 13
8 minutes ago, BobbyHolcomb said: "Replying for the updates."
Were there any problems using the above detection exclusion?

Bradley M (Author), posted May 13
While the exclusion does resolve the issue, I was hoping for more context as to why this detection all of a sudden started triggering when we've been using KnowBe4 attachments for years.

itman, posted May 13
ESET is not the only one that flags KnowBe4 phishing e-mails. Windows Defender also flags and quarantines them: https://www.reddit.com/r/sysadmin/comments/1amqxmf/knowbe4s_high_confidence_phish_emails_are_now/