This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Pedro_Espindola
Advisor
‎2023-08-23 12:08 PM

How was your expericence with URL Emulation of Click-Time Protection?

Hello everyone,

I recently enabled URL Emulation feature in Click-Time Protection.

Today I was subscribing to some online service which required email validation.

So I went to the received email and clicked the link, but after redirecting to the final URL I got a message that the link was expired.

When I went back to the online service and tried to login my email was already validated, so everything worked in the end. Since the emulation happens on click-time, this would not be a vulnerability allowing someone to use my email without my consent to register to some site. It is just confusing for the user.

However, this got me thinking about the possible consequences of using this feature.

 

Before that, we were using only URL Reputation, but we had many false positives of user clicks in newsletters that used redirection services with low reputation like substack, while the final URL was fine. So I enabled emulation thinking that if Check Point validates that the final URL is OK, maybe I would get less false positives.

 

Does anyone care to share their experience?

0 Kudos
1 Reply
BrianGoosen
Explorer
‎2023-09-09 11:35 AM

Hello!

I have had the same issue with email link validation emails being automatically verified. It is quite a pain, but I have never had it actually be an issue or prevent me to access an account or service.

But the emulation has detected a few links that had good reputation, but the emulation picked up its a fake MS365 login page.

So, it does what it's supposed to.

 

I would maybe look at whitelisting those services that you constantly use or require email validation for.

For my case, its N-Able RMM.

0 Kudos
Trending Discussions
HEC temporary bypass - possible?
Upcoming Events

    CheckMates Events