Jump to content

Awaretrain phishing simulation domains can't be whitelisted so they are intercepted by eset.

Francois Littel
 Share

Recommended Posts

Francois Littel

Francois Littel 0

Posted
Posted

Hi All,

I am looking for a solution to get the phishing domains of Awaretrain through the eset cloud security.

Microsoft has a special setting page to allow the phishing domains to pass through there protection (Successful phishing in Microsoft 365 (whitelisting) (awaretrain.com).

The link in the mail is marked as phishing. The Exchange Online Anti-spam does have whitelisting options, but the exchange anti-phishing section doesn't have any settings.

I have found an older thread where I think that the domain is added by an administrator into the system.

we are using a list of domains, awaretrain is owner of these domains and only use them for phishing simulations :
*.sharepointpublisher.com
*.rapid-s3bucket.com
*.protect-office.com
*.privatevideoshare.com
*.pensioenenonline.nl
*.office536.com
*.mailing.linkedin.com
*.hulp-opafstand.nl
*.goodiebunny.com
*.fileshare-secure.com
*.employeebonusses.com
*.com-index-html.com
*.clouddrivebox.com
*.azurelogin-microsoft.com
*.024-direct.com

 Could they also be added?

Or is it possible to allow all e-mail from their server (87.233.213.11)  to be bypassed?

Hope to receive an answer quickly :)

Thanks in advance!

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,238

Posted
  • Administrators
Posted

One of the above domains was on the blacklist but it's been removed already. We will block it again later once an option to set up custom rules has been added to ECOS.

Link to comment
Share on other sites
  • ESET Staff
product_manager_8

product_manager_8 5

Posted
  • ESET Staff
Posted

Hi there, we are planning two releases by the end of this year that may address your situation.

In October, we are going to be adding the option to add "detection exclusions" into policies which will allow you to whitelist detections by hash or name.

Then in December, we are planning to release the rule engine where you will have the ability to whitelist IPs/Domains and generally have more control of ECOS in terms of managing your rules.

These are intended to help companies perform cybersecurity training and testing but it´s obviously up to you how you decide to use it :)

I hope this helps.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...