We're starting up a security awareness campaign, where, in part, we will be using PhishMe's service to phish our employees; where falling for the phish will lead to training and education. PhishMe provided us with the list of all the domains that they own so that we could white-list them in our proxies. I tested them all, but there were two or three domains I still couldn't reach.
Sophos Enterprise provides a method to explicitly allow connections to specific web sites even if the Sophos proxy would normally block it. (Exceptions can be added in the Web Control, on the "Website Exceptions" tab.) Pretty simple.
However, after adding the domains to the exception, there were still two or three domains that I still could not reach. I didn't want to just exclude those domains from scenarios, as I felt it might limit my choices. I found that the Anti-Virus and HIPS Policy has a section that addresses domain blocking...and I believe this is if the AV thinks that there is malware on the page. If you view your "Anti-Virus and HIPS Policy" you will see a section mid-way down the screen titled Web Protection. If it is on, click the Authorization button at the top of the screen. Go to the Websites tab, and add the domains you want to white-list. Bear in mind that the AV will not scan these domains. Once you hit OK, you should be able to browse the domains.
Friday, January 17, 2014
Subscribe to:
Post Comments (Atom)
As a "customer", I find the phishme technique annoying and disrespectful. If you really think you are helping the community by sending them corporate spam for "training", you disunderstand your customer needs. No More Corporate Spam!
ReplyDelete