ESET's LiveGrid reputation system and web access protection module can block user access to your site if flagged. With over 110 million users globally, an ESET false positive significantly impacts traffic, especially from security-conscious users in Europe and Latin America where ESET has strong market share.
Identify the detection type
ESET uses several classification types: "Phishing site," "Blocked by internal blacklist," "Potentially unsafe," or "Suspicious." Each has slightly different implications. Check VirusTotal to confirm ESET's specific detection label.
Verify your site is clean
ESET's detection engine is sophisticated and rarely triggers without cause. Thoroughly check for: malicious JavaScript, hidden redirects, drive-by download scripts, crypto-mining code, or compromised resources loaded from third-party domains.
ESET is particularly vigilant about obfuscated JavaScript. If your site uses heavy JS minification or packing, this could trigger heuristic detection. Consider serving source maps or using standard minifiers.
Submit via ESET's sample submission form
Visit ESET's false positive submission page. Select "URL/link/domain" as the category. Provide your URL, your email address, and a detailed description of your website's legitimate purpose.
Include technical details
ESET's review team appreciates technical depth. Include: your hosting provider, CMS platform and version, security plugins in use, recent changes to the site, and any third-party scripts loaded.
Monitor for a response
ESET typically responds within 1-2 business days via email. They'll either confirm the removal or ask for additional information. If your site was genuinely compromised and cleaned, mention the specific remediation steps taken.
Confirm the fix
After ESET confirms the removal, updates propagate via LiveGrid to all ESET installations during their next signature update (usually within hours). Verify using VirusTotal or by testing with an ESET installation.