tmuster2k 22 Posted June 12, 2017 Share Posted June 12, 2017 Customer has recently used KnowBe4 to send out fake phishing links to end users. This is to help with awareness and train end users as far as phishing goes. The link provided >> https://knowbe4.zendesk.com/hc/en-us/articles/203645138-Whitelist-data-and-anti-spam-filtering-information recommends whitelisting the ip addresses >> 23.21.109.197, 23.21.109.212 and 192.254.121.248. These have already been added into their mail security program. (not using EMSX). We already excluded the before mentioned ip's in Protocol FIltering in policy. Customer using ERA 5.x and latest version of EEA 5.x but still getting detected. Detection does not show in any logs but I see the real time window come up after link is clicked on. Wondering if there is something being missed as far as exclusions? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,716 Posted June 13, 2017 Administrators Share Posted June 13, 2017 Is it an email which is detected by EMSX or the link is blocked after clicking it in the email? Does it work after temporarily disabling web protection on clients? Link to comment Share on other sites More sharing options...
tmuster2k 22 Posted June 14, 2017 Author Share Posted June 14, 2017 was able to add 2 ip addresses from ESET alerts and that allowed it through. Link to comment Share on other sites More sharing options...
Recommended Posts