Whitelisting "Trojan"

[BDeep 7]

We have a custom inline script that obscures a mail to address but ESET and some other endpoint products are knocking it down. The code is:

                                                  <script type="text/javascript">

                                                                                                <!--

                                                                                                var s="

=b!ujumf>#Fnbjm!Tbsbi#!isfg>#nbjmup;tbsbiAtbsbitjohjoh/dpn#?Tbsbi=0b?";

                                                                                                m=""; for (i=0; i<s.length; i++) m+=String.fromCharCode(s.charCodeAt(i)-1); document.write(m);

                                                                                                //-->

                                                                                </script>

Because we are purposely trying to utilize this javascript, how can we whitelist this?

Machine details of the threat are below:

 

• [redacted]
• COMPUTER DESCRIPTION

  John Ball
• THREAT NAME

  JS/Kryptik.AD
• THREAT TYPE

  trojan
• SEVERITY

  Warning
• OCCURRED

  2016 Jun 2 08:30:18
• THREAT HANDLED

  Yes
• RESTART NEEDED

  No
• ACTION TAKEN

  cleaned by deleting
• ACTION ERROR
• OBJECT TYPE

  file
• OBJECT URI

  [redacted]/test.html
• CIRCUMSTANCES

  Event occurred on a newly created file.
• SCANNER

  Real-time file system protection
• ENGINE VERSION

  13585 (20160602)
• PROCESS NAME

  C:\Windows\notepad.exe
• USER NAME

  [redacted]

Edited June 3, 2016 by BDeep

[rekun 41]

Submit it as a false positive here

hxxp://support.eset.com/kb141/?locale=en_US

[Marcos 4,706]

Use an image for instance instead of obfuscation methods similar to what malware authors use.