Jump to content

ESET detecting KnowBe4 fake phishing links after whitelisting ip addresses


tmuster2k
 Share

Recommended Posts

Customer has recently used KnowBe4 to send out fake phishing links to end users. This is to help with awareness and train end users as far as phishing goes. 

The link provided >> https://knowbe4.zendesk.com/hc/en-us/articles/203645138-Whitelist-data-and-anti-spam-filtering-information   recommends whitelisting the ip addresses >>

23.21.109.197, 23.21.109.212 and 192.254.121.248. These have already been added into their mail security program. (not using EMSX). We already excluded the before mentioned ip's in Protocol FIltering in policy. Customer using ERA 5.x and latest version of EEA 5.x but still getting detected.  Detection does not show in any logs but I see the real time window come up after link is clicked on.  Wondering if there is something being missed as far as exclusions? 

Link to comment
Share on other sites

  • Administrators

Is it an email which is detected by EMSX or the link is blocked after clicking it in the email? Does it work after temporarily disabling web protection on clients?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...