Jump to content

ESET detecting KnowBe4 fake phishing links after whitelisting ip addresses

tmuster2k

By tmuster2k
in ESET Endpoint Products

 Share

Recommended Posts

tmuster2k

tmuster2k 22

Posted
Posted

Customer has recently used KnowBe4 to send out fake phishing links to end users. This is to help with awareness and train end users as far as phishing goes. 

The link provided >> https://knowbe4.zendesk.com/hc/en-us/articles/203645138-Whitelist-data-and-anti-spam-filtering-information   recommends whitelisting the ip addresses >>

23.21.109.197, 23.21.109.212 and 192.254.121.248. These have already been added into their mail security program. (not using EMSX). We already excluded the before mentioned ip's in Protocol FIltering in policy. Customer using ERA 5.x and latest version of EEA 5.x but still getting detected.  Detection does not show in any logs but I see the real time window come up after link is clicked on.  Wondering if there is something being missed as far as exclusions? 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

Is it an email which is detected by EMSX or the link is blocked after clicking it in the email? Does it work after temporarily disabling web protection on clients?

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...