topic Re: Mobile Access Page reported as Phishing website in Endpoint

Mobile Access Page reported as Phishing website

Alex- — Mon, 06 May 2024 15:02:48 GMT

We run Harmony Endpoint on Infinity Portal and Quantum appliances managed with an on-premises SMS.

The Quantum cluster provides MAB SNX for remote users. (R81.20 T53).

Since last Friday, the phishing protection blade on HEP gradually started to block the MAB URL on some users and today it happened for everyone.

The question is why it happens and how can we prevent this other than going through TAC. We might have other organisations running HEP accessing such resources and creating exceptions in all tenants is impractical.

Re: Mobile Access Page reported as Phishing website

PhoneBoy — Mon, 06 May 2024 17:31:48 GMT

The only action you can take without involving TAC is creating the appropriate exception.
TAC will probably be needed to understand why this is actually happening.

Re: Mobile Access Page reported as Phishing website

lluner — Tue, 07 May 2024 01:30:20 GMT

hi alex ,

Like the same problem as you, the quantum firewall, the site was blocking by the antivirus blade and the endpoint by the phishing blade, I had to make exceptions on the firewall and on the endpoint for the given site. If you want, I'll pass it on to you

The site was a library repository that both the firewall and endpoint were blocking

Url : linkbio.co

Re: Mobile Access Page reported as Phishing website

Alex- — Tue, 07 May 2024 06:04:14 GMT

For some reason the customer's domain got classified as "Uncategorised", I suppose the phishing module doesn't like too much seeing credential forms on such categories.

I've submitted an URL categorisation request to put it back in its correct category and it's done, I will wait some time and try again without the exception to see if it makes any difference.