This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alex-
Leader Leader
Leader
‎2024-05-06 08:02 AM

Mobile Access Page reported as Phishing website

We run Harmony Endpoint on Infinity Portal and Quantum appliances managed with an on-premises SMS.

The Quantum cluster provides MAB SNX for remote users. (R81.20 T53).

Since last Friday, the phishing protection blade on HEP gradually started to block the MAB URL on some users and today it happened for everyone.

The question is why it happens and how can we prevent this other than going through TAC. We might have other organisations running HEP accessing such resources and creating exceptions in all tenants is impractical.

3 Replies
PhoneBoy
Admin
Admin
‎2024-05-06 10:31 AM

The only action you can take without involving TAC is creating the appropriate exception.
TAC will probably be needed to understand why this is actually happening.

Alex-
Leader Leader
Leader
‎2024-05-06 11:04 PM
In response to PhoneBoy

For some reason the customer's domain got classified as "Uncategorised", I suppose the phishing module doesn't like too much seeing credential forms on such categories.

I've submitted an URL categorisation request to put it back in its correct category and it's done, I will wait some time and try again without the exception to see if it makes any difference.

0 Kudos
lluner
Advisor
‎2024-05-06 06:30 PM

hi alex ,

Like the same problem as you, the quantum firewall, the site was blocking by the antivirus blade and the endpoint by the phishing blade, I had to make exceptions on the firewall and on the endpoint for the given site. If you want, I'll pass it on to you

The site was a library repository that both the firewall and endpoint were blocking 

Url : linkbio.co

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events