[KB3100] How Anti-Phishing works in your ESET product

Issue

Details


Click to expand

Anti-phishing technology protects you from attempts to acquire passwords, banking data, and other sensitive information by fake websites masquerading as legitimate ones. When your computer attempts to access a URL, ESET compares it against our database of known phishing sites. If a match is found, the connection to the URL is terminated, and a warning message is displayed. However, you have the option to proceed to the URL at your own risk or to report the URL to us as a potentially false positive warning.

The anti-phishing database is regularly updated by ESET (users’ computers receive data about new phishing threats every 20 minutes) and includes information from our partners 


Solution

The following products provide anti-phishing protection that enables you to block web pages known to distribute phishing content:

  • ESET Security Ultimate
  • ESET Smart Security Premium
  • ESET Internet Security
  • ESET NOD32 Antivirus
  • ESET Small Business Security

We strongly recommend leaving Anti-Phishing enabled (Anti-Phishing is enabled by default).

Potential phishing attempt warning

When you access a phishing website, you will receive the following notification in your web browser. You can access the website without receiving a warning message by clicking Ignore threat. It is not recommended to proceed to a website identified as a potential phishing website.

Figure 1-1

Check your Anti-Phishing protection status

To check your Anti-Phishing protection status, follow the steps below:

  1. Open the main program window of your ESET Windows product.

  2. Depending on your ESET product:

    • ESET home or small office products for Windows: Click SetupInternet protection.
    • ESET business products for Windows: Click SetupWeb and email.

    Figure 2-1
  3. If Anti-Phishing protection is enabled, the toggle in the Anti-Phishing protection section is green and the Enabled status is displayed.

    If Anti-Phishing protection is not enabled, the toggle in the Anti-Phishing protection section is red and the Disabled permanently or Paused status is displayed. See how to re-enable Anti-Phishing protection.

    Figure 2-2
Anti-Phishing test

To test Anti-Phishing functionality, visit the following URL in your web browser: https://www.amtso.org/check-desktop-phishing-page/

Anti-Phishing activity

To see the activity of Anti-Phishing web and email protection, navigate to ToolsLog files and select Filtered websites from the drop-down menu. It will contain information with visited links (URLs) that were found.


Report a phishing website to ESET

Reporting websites

Reporting potentially malicious websites to ESET contributes to the online security of other ESET users by alerting ESET security professionals about potentially harmful content that ESET should detect.

You can report phishing or malicious websites to ESET for analysis, or report safe websites to ESET for removal from the ESET Blacklist:

Report a phishing site to ESET

If your ESET product does not detect a website you know or suspect is a phishing website, you can report it via the Report a phishing page website. The submitted content may be added to the ESET Blacklist if analysis shows malicious content is distributed from the link you reported.

To report a phishing site directly from your ESET Windows product, follow the steps below:

  1. Open the main program window of your ESET Windows product.

  2. Depending on your ESET product:

    • ESET home or small office products for Windows: Click SetupInternet protection.
    • ESET business products for Windows: Click SetupWeb and email.

    Figure 3-1
  3. In the Anti-Phishing protection section, click Report a phishing site. You will be redirected to the Report a phishing page website.

    Figure 3-2
Report a false positive phishing site to ESET

If a website you know to be safe is detected as a threat, you can report it via Report a false positive website. ESET security professionals will re-visit the content reported as a false positive and remove it from the ESET Blacklist if it is safe.

Report a phishing website or false positive by email 

Send reports of phishing websites to ESET Research Lab. Remember to use a descriptive subject and enclose as much information about the website as possible (for example, the website that referred you there, how you heard about it, etc.).


Enable or disable Anti-Phishing protection

To re-enable paused or disabled Anti-Phishing protection, follow the steps below:

  1. Open the main program window of your ESET Windows product.

  2. Depending on your ESET product:

    • ESET home or small office products for Windows: Click SetupInternet protection.
    • ESET business products for Windows: Click SetupWeb and email.

    Figure 4-1
  3.  Click the toggle next to Anti-phishing protection.

    Figure 4-2
Enable Anti-Phishing protection from the main program window

You can enable Anti-Phishing protection also from the main program window:

  1. Open the main program window of your ESET Windows product.

  2. Click Enable Anti-Phishing protection.

    Figure 4-3

Add websites to the Address list

The Whitelist is a list of websites that would normally be blocked by ESET but are accessible because you allowed them. Potential phishing websites that have been whitelisted will expire from the whitelist after several hours by default.

To permanently allow access to a Potential phishing website without interruption from your ESET product, follow the steps below:

  1. Open the main program window of your ESET Windows product.

  2. Press the F5 key to open Advanced setup.

  3. Click Protections Web access protection, expand URL list management and click Edit.

    Figure 5-1
  4. Select List of addresses excluded from content scan and click Edit.

    Figure 5-2
  5. In the Edit list window, click Add. In the Add mask window and type or copy/paste the URL address. Click OKOK.

    How to format the URL address

    If the complete name of a remote server is unknown, or if you want to specify a whole group of remote servers, you can use a mask. The mask (the URL address you want to add) can include wildcards and other options such as the following:

    * – The asterisk wildcard will match the entire domain.
    ? – The question mark will match an address with the last but one character that you indicate (for example, x? would be an address with x as the last but one character).
    http:// or https:// – The protocol prefix is optional because both will be used if not included.

    For more detailed information and examples, see the Add mask Online Help topic.

    Figure 5-3
  6. Click OK in each open window to save your changes and exit Advanced setup.

You will no longer receive threat notifications from your ESET product when this URL is accessed.