This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Seth
Explorer
‎2020-04-21 01:25 PM

Endpoint Security white list domains for Sandblast agent for browsers Phishing check

first time poster, long time(1 year) listener.

I am trying to white list internal(not going through a gateway) homemade websites. When a user with E82.30.0530 (or any version) endpoint client tries to click on the username/password field they get blocked by the "SandBlast Agent for Browsers": Beware! Deceptive site blocked.

endpoint2.jpg

The error then goes on to explain itself and gives a link "if this is incorrect, send a report" (is that internal? can't find it)

I have added the site to the white-list in 2 places in the  SmartEndpoint management console. properties calls this area "Exclusions" under "inspect all domains and files" and "Protected Domains" under "Zero Phishing Settings.

endpoint.jpg

 

 

 

 

What am i doing wrong? Where do i white-list sites for the browser agent to not check for Phishing?

 

Seth in St. Louis

Labels
0 Kudos
1 Reply
Seth
Explorer
‎2020-04-28 08:18 AM

I found the answer. I was typing the domain name wrong.

answer was in this post:

https://community.checkpoint.com/t5/Endpoint-Security-Products/Zero-Phishing-Exceptions/td-p/49595

Talya towards the bottom pointed out:

When defining a domain for exclusion\protection, you should only consider the domain portion of the URL (shown in bold): https://www.checkpoint.com:8080/path/to/page
A domain will be classified as excluded\protected, if any entry in the exclusion list is a suffix of it.
For example, if the exclusion list contains the entry .checkpoint.com, then www.checkpoint.com will be excluded.

that was under "inspect all domains and files"

 

the Zero phishing "protected sites" is for data-mining the credentials to not allow to be used elsewhere. 

 

hope that helps.

Seth

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top