topic Re: Endpoint Security white list domains for Sandblast agent for browsers Phishing check in Endpoint

Endpoint Security white list domains for Sandblast agent for browsers Phishing check

Seth — Tue, 21 Apr 2020 20:25:07 GMT

first time poster, long time(1 year) listener.

I am trying to white list internal(not going through a gateway) homemade websites. When a user with E82.30.0530 (or any version) endpoint client tries to click on the username/password field they get blocked by the "SandBlast Agent for Browsers": Beware! Deceptive site blocked.

The error then goes on to explain itself and gives a link "if this is incorrect, send a report" (is that internal? can't find it)

I have added the site to the white-list in 2 places in the SmartEndpoint management console. properties calls this area "Exclusions" under "inspect all domains and files" and "Protected Domains" under "Zero Phishing Settings.

What am i doing wrong? Where do i white-list sites for the browser agent to not check for Phishing?

Seth in St. Louis

Re: Endpoint Security white list domains for Sandblast agent for browsers Phishing check

Seth — Tue, 28 Apr 2020 15:18:15 GMT

I found the answer. I was typing the domain name wrong.

answer was in this post:

https://community.checkpoint.com/t5/Endpoint-Security-Products/Zero-Phishing-Exceptions/td-p/49595

Talya towards the bottom pointed out:

When defining a domain for exclusion\protection, you should only consider the domain portion of the URL (shown in bold): https://www.checkpoint.com:8080/path/to/page
A domain will be classified as excluded\protected, if any entry in the exclusion list is a suffix of it.
For example, if the exclusion list contains the entry .checkpoint.com, then www.checkpoint.com will be excluded.

that was under "inspect all domains and files"

the Zero phishing "protected sites" is for data-mining the credentials to not allow to be used elsewhere.

hope that helps.

Seth