Francois Littel 0 Posted August 19, 2024 Posted August 19, 2024 Hi All, I am looking for a solution to get the phishing domains of Awaretrain through the eset cloud security. Microsoft has a special setting page to allow the phishing domains to pass through there protection (Successful phishing in Microsoft 365 (whitelisting) (awaretrain.com). The link in the mail is marked as phishing. The Exchange Online Anti-spam does have whitelisting options, but the exchange anti-phishing section doesn't have any settings. I have found an older thread where I think that the domain is added by an administrator into the system. we are using a list of domains, awaretrain is owner of these domains and only use them for phishing simulations : *.sharepointpublisher.com *.rapid-s3bucket.com *.protect-office.com *.privatevideoshare.com *.pensioenenonline.nl *.office536.com *.mailing.linkedin.com *.hulp-opafstand.nl *.goodiebunny.com *.fileshare-secure.com *.employeebonusses.com *.com-index-html.com *.clouddrivebox.com *.azurelogin-microsoft.com *.024-direct.com Could they also be added? Or is it possible to allow all e-mail from their server (87.233.213.11) to be bypassed? Hope to receive an answer quickly Thanks in advance!
Administrators Marcos 5,730 Posted August 20, 2024 Administrators Posted August 20, 2024 One of the above domains was on the blacklist but it's been removed already. We will block it again later once an option to set up custom rules has been added to ECOS.
ESET Staff product_manager_8 5 Posted August 23, 2024 ESET Staff Posted August 23, 2024 Hi there, we are planning two releases by the end of this year that may address your situation. In October, we are going to be adding the option to add "detection exclusions" into policies which will allow you to whitelist detections by hash or name. Then in December, we are planning to release the rule engine where you will have the ability to whitelist IPs/Domains and generally have more control of ECOS in terms of managing your rules. These are intended to help companies perform cybersecurity training and testing but it´s obviously up to you how you decide to use it I hope this helps.
Recommended Posts