[KB3100] How Anti-Phishing works in your ESET product (15.x–16.x)



Click to expand

Anti-phishing technology protects you from attempts to acquire passwords, banking data, and other sensitive information by fake websites masquerading as legitimate ones. When your computer attempts to access a URL, ESET compares it against our database of known phishing sites. If a match is found, the connection to the URL is terminated, and a warning message is displayed. However, you have the option to proceed to the URL at your own risk or to report the URL to us as a potentially false positive warning.

The anti-phishing database is updated by ESET regularly (users’ computers receive data about new phishing threats every 20 minutes), and this database includes information from our partners as well.


ESET Smart Security, ESET Smart Security Premium, ESET Internet Security, and ESET NOD32 Antivirus provide anti-phishing protection that enables you to block web pages known to distribute phishing content. We strongly recommend that you leave Anti-Phishing enabled (Anti-Phishing is enabled by default).

Potential phishing attempt warning

When you access a phishing website, you will receive the following notification in your web browser. By clicking Ignore threat (in version 8 and earlier, Proceed to the site), you can access the website without receiving a warning message.
It is not recommended to proceed to a website that has been identified as a potential phishing website.

Figure 1-1

Report a phishing website to ESET

Reporting potentially malicious websites to ESET contributes to the online security of other ESET users by alerting ESET security professionals about potentially harmful content that should be detected by ESET.

To report phishing/malicious websites to ESET for analysis, or to report safe websites to ESET for removal from the ESET Blacklist, visit the following ESET web pages:

  • Report a phishing site to ESET 
    A website that you know or suspect to be a phishing website is not detected by your ESET product. Content that you submit may be added to the ESET Blacklist if analysis shows that malicious content is being distributed from the link you reported. 
  • Report a false positive phishing site to ESET 
    A website that you know to be safe is detected as a threat. Content reported as a false positive will be re-visited by ESET security professionals and removed from the ESET Blacklist if it is shown to be safe.
Report a phishing website or false positive by email 

Send reports of phishing websites to ESET Research Lab. Remember to use a descriptive subject and enclose as much information about the website as possible (for example the website that referred you there, how you heard about it, etc.).

Check your Anti-Phishing protection status

To check your Anti-Phishing protection status, follow the steps below:

  1. In the main program window, click SetupInternet protection

    Figure 1-2

  2. If Anti-Phishing protection is enabled, the toggle is green and Enabled will be displayed in the Anti-Phishing protection section.

    Figure 1-3

If Anti-Phishing protection is not enabled, the toggle is red and Disabled permanently or Paused will be displayed in the Anti-Phishing protection section. To re-enable Anti-Phishing protection, follow the steps below.

Anti-Phishing test

To test Anti-Phishing functionality, visit the following link (URL) in your web browser:

To see the activity of Anti-Phishing web and email protection, check ToolsLog filesFiltered websites. It will contain information with visited links (URLs) that were found.

Re-enable Anti-Phishing

  1. Click SetupInternet protection.

    Figure 2-1

  2. Click the toggle next to Anti-phishing protection.

Figure 2-2

Add websites to the Whitelist

The Whitelist is a list of websites that would normally be blocked by ESET but are accessible because you allowed them. Potential phishing websites that have been whitelisted will expire from the whitelist after several hours by default.

To permanently allow access to a Potential phishing website without interruption from your ESET product, follow the steps below:

  1. Press the F5 key to open Advanced setup.

  2. Click Web and Email Web access protection, expand URL Address Management and click Edit.

Figure 3-1

  1. Select List of addresses excluded from content scan and click Edit.

Figure 3-2

  1. From the Edit list window, click Add and type the URL address. Click OK in each of the open windows to save your changes and exit Advanced setup.
    How to format the URL address

    If the complete name of a remote server is unknown, or if you want to specify a whole group of remote servers, you can use a mask. The mask (the URL address you want to add) can include wildcards and other options such as the following:

    * The asterisk wildcard will match the entire domain
    ? The question mark will match an address with the last but one character that you indicate (for example, x? would be an address with x as the last but one character)
    http:// or https:// The protocol prefix is optional because both will be used if not included

    For more detailed information and examples, see the Online Help topic Add mask.

Figure 3-3

  1. You will no longer receive threat notifications from your ESET product when this URL is accessed.