topic Re: IA collector - events from shared mailboxes in Firewall and Security Management

IA collector - events from shared mailboxes

dede79 — Mon, 05 Dec 2022 10:39:22 GMT

Hello,

I discovered that having a shared mailbox in addition to the personal one is resulting in permanent access role updates on the client.

If I close outlook I only see the logged in user.

Checkpoint says its by design - but actually installing MUH agent on thousends of clients is not a nice solution or me.

Has anybody seen this issue before? It really gets problematic if the username of the shared mailbox has no rules for internet access - when role is updated the user using this pc can not access the web.

Since it looks like a real windows login event I so no options for exclude filters.

Gateways are R81 - collector 81.040

Thanks

Re: IA collector - events from shared mailboxes

the_rock — Mon, 05 Dec 2022 11:48:08 GMT

I also believe thats by design. Log out events would never be logged, as Microsoft would never log those in the first place, only log-in ones.

Re: IA collector - events from shared mailboxes

PhoneBoy — Mon, 05 Dec 2022 15:51:04 GMT

This is expected behavior when you effectively have multiple identities on one PC, which is what I presume is happening as a result of this shared mailbox.
Not sure even MUH would necessarily solve this.
What about when you access the shared mailbox using Outlook Web Access (instead of using Outlook)?

Re: IA collector - events from shared mailboxes

dede79 — Wed, 07 Dec 2022 12:28:14 GMT

I suppose then we will not have that issue. So it is a microsoft thing that thei create an login event just for a mailbox access? Strange that I see it the first time - doing IA nearly from begining on.

Re: IA collector - events from shared mailboxes

PhoneBoy — Wed, 07 Dec 2022 13:05:09 GMT

I assume so, yes
It’s possible it’s a behavior change in Outlook if this started only recently.