How does Anti-Phishing work in my ESET product?


  • What is "phishing"?
  • You receive the notification "Warning: Potential phishing threat" when attempting to visit a specific website or domain
  • How to report or remove a phishing site from scanning
  • How to enable/disabe Anti-Phishing


Anti-Phishing technology protects you from attempts to acquire passwords, banking data and other sensitive information by fake websites masquerading as legitimate ones. When your computer attempts to access a URL, ESET compares it against our database of known phishing sites. If a match is found, the connection to the URL is terminated and a warning message is displayed. However, you have the option to proceed to the URL at your own risk or to report the URL to us as a potentially false positive warning.

The anti-phishing database is updated by ESET regularly (users’ computers receive data about new phishing threats every 20 minutes) and this database includes information from our partners as well.


ESET Smart Security, ESET Smart Security Premium, ESET Internet Security, and ESET NOD32 Antivirus provide Anti-Phishing protection that allows you to block web pages known to distribute phishing content. We strongly recommend that you leave Anti-Phishing enabled (Anti-Phishing is enabled by default).

Potential phishing attempt warning

When you access a phishing website, you will receive the following notification in your web browser (see Figure 1-1). By clicking Ignore threat, or Proceed to the site in version 8 and earlier (click to view a screenshot), you can access the website without receiving a warning message.

This is not recommended.

Figure 1-1

Report a phishing site to ESET

Reporting potentially malicious websites contributes to the online security of other ESET users by directing ESET security professionals to content that may be harmful.

To report phishing/malicious websites to ESET for analysis, or report safe websites to ESET for removal from the ESET Blacklist, visit the following ESET web pages:

  • Report a phishing site to ESET 
    A website that you know or suspect to be a phishing website is not detected by your ESET product. Content that you submit may be added to the ESET Blacklist if analysis shows that malicious content is being distributed from the web address you reported. 
  • Report a false positive phishing site to ESET 
    A website that you know to be safe is detected as a threat. Content reported as a false positive will be re-visited by ESET security professionals and removed from the ESET Blacklist if it is shown to be safe.

Report a phishing website or false positive by email 

Send reports of phishing websites to Please remember to use a descriptive subject and enclose as much information about the website as possible (for example the website that referred you there, how you heard about it, etc.).

Re-enable Anti-Phishing

Check to see whether Anti-Phishing is enabled by following the steps below:

  1. Click SetupInternet protection in the main product window. 

    Figure 1-2

  2. You should see a green slider and the word "Enabled" under Anti-Phishing protection.

    Figure 1-3

If Anti-Phishing is not enabled, follow the steps below to enable it:

  1. Click Setup → Internet protection in the main product window. 

    Figure 1-4

  2. Click the slider bar next to Anti-phishing protection to re-enable it.

Figure 1-5


Add websites to the Whitelist

The Whitelist is a list of websites that would normally be blocked by ESET, but are accessible because you have either clicked Proceed to the site after receiving a security notification from your ESET product, or you have added the website manually in Advanced setup under URL address management. Potential phishing websites that have been whitelisted will expire after several hours by default.

To permanently allow access to a website without interruption from your ESET product, follow the steps below:

  1. Press the F5 on your keyboard to access the Advanced setup window.
  2. Expand Web and Email Web access protection, expand URL Address Management and then click Edit.

Figure 1-6

  1. Click List of addresses excluded from checking and then click Edit.

Figure 1-7

  1. From the Edit list screen, click Add and enter the details for the URL address (Add mask). Click OK → OK → OK to save your changes.

    NOTE: How to format the URL address

    If the complete name of a remote server is unknown, or if you want to specify a whole group of remote servers, you can use a mask. The mask (the URL address you want to add) can include wildcards and other options such as the following:

    * The asterisk wildcard will match the entire domain
    ? The question mark will match an address with the last but one character that you indicate (for example, x? would be an address with x as the last but one character)
    http:// or https:// The protocol prefix is optional because both will be used if not included

    For more detailed information and examples, see the Online Help topic Add mask.

Figure 1-8

  1. Click OK to exit the Advanced setup window.

You will no longer receive threat notifications from your ESET product when this URL is accessed.

Was this information helpful?