Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
62742738
Participant

Zero Phishing is set to Prevent mode but Detect in logs

Hi everyone!

Can someone please help me, I'm just wondering why in the logs the action for Zero Phishing blade is Detect. But upon checking the policy, it is set to Prevent mode. See attached screenshots.

Logs Detect.pngPolicy Prevent.png

Why is it different? It should be Prevent in the logs as well right? Does anyone of you experienced this or am I missing out on something? Kind of a newbie in HEP 😄

0 Kudos
8 Replies
AdiGH
Employee
Employee

Hey,

Are all your rules set to prevent for zero phishing and password reuse? 

When you start with HEP the default policy is set to Detect, is it possible that on of the rules is still in detect mode?

0 Kudos
62742738
Participant

Yes, it is all in prevent mode. Even the default one is changed to Prevent mode.

0 Kudos
the_rock
Legend
Legend

I would do quick remote with TAC, Im sure something rudimentary is missing.

Best,

Andy

0 Kudos
lluner
Advisor

hi 

I checked that my policy is prevented and shows detect for sites with http

 

phishing2.png

phishing3.png

All these alerts are http related

 

phishing4.png

All policies are in preventive mode

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Any exclusions configured?

CCSM R77/R80/ELITE
0 Kudos
lluner
Advisor

Hi , Cris

For these sites no

 

0 Kudos
andreyta
Employee
Employee

Hello,

Those are detect events for sites that were scanned by Zero Phishing. The extension did not recognize them as phishing (which means that the login to them were not prevented) but they were detected to be suspicious because they are http sites with login page. 

0 Kudos
lluner
Advisor

tks. @andreyta 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events