
DNS Reputation Exception

I am trying to white-list a single domain for DNS Reputation prevents. Currently, it seems like the only option is to make exceptions for all of our DNS servers, effectively turning off DNS Reputation checks for DNS lookups in our company. 

The domain is an employee awareness training, like for phishing, that is publicly available, so it technically is a phishing site and should not necessarily be re-categorized, but we'd like to whitelist it for our company during our phishing tests.

Has anyone ever had to do this before? 

2 Replies
Admin

Re: DNS Reputation Exception

Seems like you could create a custom application definition for said domains and create an exception for it in your Threat Prevention policy.
Something like this:

Screen Shot 2019-06-14 at 4.03.57 PM.png

@Vladimir this might also be a solution to the thread you raised about this as well.

Vladimir
Pearl

Re: DNS Reputation Exception

@PhoneBoy perhaps this would work, if Check Point is the one blocking it.

When I've added KnowBe4 domains to the categorization exceptions, the problems persisted, so in my case this was the issue:

When querying the https.protected-forms.com from inside the network, I was getting "can't find" in nslookup:

image.png

Looking in Check Point for this query, we see that it detects it as a query for a malicious domain, but it allows it:

image.png

Finally, looking at the public DNS resolver that the Domain Controller is forwarding the queries to (IBM's Secure DNS Service Quad 9):

image.png

 

I have reached out to KnowBe4 and they are working on whitelisting this domain with threat intelligence providers.
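
The comparison described in the reply above (internal lookup fails, the gateway only detects, the upstream resolver filters) can be scripted. This is an added example, not code from the thread or from Check Point. It assumes Quad9's filtered (9.9.9.9) and unfiltered (9.9.9.10) addresses and a placeholder internal resolver `192.0.2.53`, and it compares response codes only, not the returned addresses.

```python
import socket
import struct

NOERROR, NXDOMAIN = 0, 3

def build_query(name, qid=0x1234):
    """Encode a minimal DNS A/IN query with the recursion-desired flag set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def parse_header(resp):
    """Return (rcode, answer_count) from the 12-byte DNS response header."""
    if len(resp) < 12:
        raise ValueError("truncated DNS response")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    return flags & 0x000F, ancount

def ask(resolver, name, timeout=3.0):
    """Query one resolver over UDP; None means no usable reply (timeout, unreachable)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (resolver, 53))
            return parse_header(s.recv(512))
        except (OSError, ValueError):
            return None

def resolves(result):
    return result is not None and result[0] == NOERROR and result[1] > 0

def locate_block(internal, filtered, unfiltered):
    """Compare (rcode, ancount) results from the three resolvers."""
    if resolves(internal):
        return "resolves internally"
    if resolves(unfiltered) and filtered is not None and filtered[0] == NXDOMAIN:
        return "upstream resolver filter"      # the case found in the thread
    if resolves(filtered):
        return "internal resolver or the path to it"
    return "inconclusive"

if __name__ == "__main__":
    DOMAIN = "https.protected-forms.com"   # domain named in the thread
    INTERNAL = "192.0.2.53"                # placeholder: your DC / internal DNS
    print(locate_block(ask(INTERNAL, DOMAIN),
                       ask("9.9.9.9", DOMAIN),     # Quad9, threat blocking on
                       ask("9.9.9.10", DOMAIN)))   # Quad9, no blocking
```

An "upstream resolver filter" result means a gateway-side exception will not restore resolution; the forwarder or the resolver's blocklist has to change.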