Francois Littel 0 Posted August 19 Share Posted August 19 Hi All, I am looking for a solution to get the phishing domains of Awaretrain through the eset cloud security. Microsoft has a special setting page to allow the phishing domains to pass through there protection (Successful phishing in Microsoft 365 (whitelisting) (awaretrain.com). The link in the mail is marked as phishing. The Exchange Online Anti-spam does have whitelisting options, but the exchange anti-phishing section doesn't have any settings. I have found an older thread where I think that the domain is added by an administrator into the system. we are using a list of domains, awaretrain is owner of these domains and only use them for phishing simulations : *.sharepointpublisher.com *.rapid-s3bucket.com *.protect-office.com *.privatevideoshare.com *.pensioenenonline.nl *.office536.com *.mailing.linkedin.com *.hulp-opafstand.nl *.goodiebunny.com *.fileshare-secure.com *.employeebonusses.com *.com-index-html.com *.clouddrivebox.com *.azurelogin-microsoft.com *.024-direct.com Could they also be added? Or is it possible to allow all e-mail from their server (87.233.213.11) to be bypassed? Hope to receive an answer quickly Thanks in advance! Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted August 20 Administrators Share Posted August 20 One of the above domains was on the blacklist but it's been removed already. We will block it again later once an option to set up custom rules has been added to ECOS. Quote Link to comment Share on other sites More sharing options...
ESET Staff product_manager_8 5 Posted August 23 ESET Staff Share Posted August 23 Hi there, we are planning two releases by the end of this year that may address your situation. In October, we are going to be adding the option to add "detection exclusions" into policies which will allow you to whitelist detections by hash or name. Then in December, we are planning to release the rule engine where you will have the ability to whitelist IPs/Domains and generally have more control of ECOS in terms of managing your rules. These are intended to help companies perform cybersecurity training and testing but it´s obviously up to you how you decide to use it I hope this helps. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.