How does Anti-Phishing work in ESET Smart Security and ESET NOD32 Antivirus?


  • What is "phishing"?
  • You receive the notification "Warning: Potential phishing threat" from ESET Smart Security or ESET NOD32 Antivirus when attempting to visit a specific website or domain
  • How to report or remove a phishing site from scanning
  • How to enable/disabe Anti-Phishing in ESET Smart Security or ESET NOD32 Antivirus



Anti-Phishing technology protects you from attempts to acquire passwords, banking data and other sensitive information by fake websites masquerading as legitimate ones. When your computer attempts to access a URL, ESET compares it against our database of known phishing sites. If a match is found, the connection to the URL is terminated and a warning message is displayed. However, you have the option to proceed to the URL at your own risk or to report the URL to us as a potentially false positive warning.

The anti-phishing database is updated by ESET regularly (users’ computers receive data about new phishing threats every 20 minutes) and this database includes information from our partners as well.


ESET Smart Security and ESET NOD32 Antivirus provide Anti-Phishing protection that allows you to block web pages known to distribute phishing content. We strongly recommend that you leave Anti-Phishing enabled (Anti-Phishing is enabled in ESET Smart Security and ESET NOD32 Antivirus by default).

If you are accessing a phishing website

When you access a phishing website, you will receive the following notification in your web browser. By clicking Ignore threat (not recommended) or Proceed to the site in version 8 and earlier (click to view a screenshot), you can access the website without receiving a warning message.

Figure 1-1

Report a phishing site to ESET

Reporting potentially malicious websites contributes to the online security of other ESET users by directing ESET security professionals to content that may be harmful.

To report phishing/malicious websites to ESET for analysis, or report safe websites to ESET for removal from the ESET Blacklist, visit the following ESET web pages:

  • Report a phishing site to ESET 
    A website that you know or suspect to be a phishing website is not detected by your ESET product. Content that you submit may be added to the ESET Blacklist if analysis shows that malicious content is being distributed from the web address you reported. 
  • Report a false positive phishing site to ESET 
    A website that you know to be safe is detected as a threat. Content reported as a false positive will be re-visited by ESET security professionals and removed from the ESET Blacklist if it is shown to be safe.

Report a phishing website or false positive by email 

Send reports of phishing websites to Please remember to use a descriptive subject and enclose as much information about the website as possible (for example the website that referred you there, how you heard about it, etc.).

If Anti-Phishing is disabled

You can check to see whether Anti-Phishing is enabled by clicking SetupInternet protection in the main product window. You should see a green slider and the word "Enabled" under Anti-Phishing protection.

Figure 1-2
Click the image to view larger in new window

If Anti-Phishing is not enabled, follow the steps below to enable it:

  1. Open ESET Smart Security or ESET NOD32 Antivirus. How do I open my ESET product?
  2. Press the F5 key on your keyboard to access Advanced setup.
  3. Expand Web and Email, click Anti-Phishing protection, make sure that the check box next to Enable Anti-Phishing protection is selected and then click OK.

Figure 1-3
Click the image to view larger in new window


Adding Websites to the Whitelist

The Whitelist is a list of websites that would normally be blocked by ESET, but are accessible because you have either clicked Proceed to the site after receiving a security notification from your ESET product, or you have added the website manually in Advanced setup under URL address management. Potential phishing websites that have been whitelisted will expire after several hours by default.

To permanently allow access to a website without interruption from your ESET product, follow the steps below:

  1. Press the F5 on your keyboard to access the Advanced setup window.
  2. Expand Web and Email Web access protection URL Address Management and click Edit.

Figure 1-4
Click the image to view larger in new window

  1. Click List of addresses excluded from checking and then click Edit.

Figure 1-5
Click the image to view larger in new window

  1. From the Edit list screen, click Add and enter the details for the URL address (Add mask). 

    NOTE: How to format the URL address

    If the complete name of a remote server is unknown, or if you want to specify a whole group of remote servers, you can use a mask. The mask (the URL address you want to add) can include wildcards and other options such as the following:

    * The asterisk wildcard will match the entire domain
    ? The question mark will match an address with the last but one character that you indicate (for example, x? would be an address with x as the last but one character)
    http:// or https:// The protocol prefix is optional because both will be used if not included

    For more detailed information and examples, see the Online Help topic Add mask.

Figure 1-6

You will no longer receive threat notifications from your ESET product when this URL is accessed.

Was this information helpful?