Steven_Lucas
Participant

DNS Reputation Exception

I am trying to white-list a single domain for DNS Reputation prevents. Currently, it seems like the only option is to make exceptions for all of our DNS servers, effectively turning off DNS Reputation checks for DNS lookups in our company. 

The domain is an employee awareness training like for phishing that is publicly available, so it technically is a phishing site and should not necessarily be re-categorized, but we'd like to whitelist it for our company during our phishing tests.

Has anyone ever had to do this before? 

1 Solution

Accepted Solutions
PhoneBoy
Admin

Seems like you could create a custom application definition for said domains and create an exception for it in your Threat Prevention policy.
Something like this:

Screen Shot 2019-06-14 at 4.03.57 PM.png

@Vladimir this might also be a solution to the thread you raised about this as well.

Vladimir
Champion

@PhoneBoy perhaps this would work, if Check Point is the one blocking it.

When I've added KnowBe4 domains to the categorization exceptions, the problems persisted, so in my case this was the issue:

When querying the https.protected-forms.com from inside the network, I was getting "can't find" in nslookup:

image.png

Looking in Check Point for this query, we see that it detects it as a query for a malicious domain, but it allows it:

image.png

Finally, looking at the public DNS resolver that the Domain Controller is forwarding the queries to (IBM's Secure DNS Service Quad 9):

image.png

 

I have reached out to KnowBe4 and they are working on whitelisting this domain with threat intelligence providers.
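
The layer-by-layer check described in the reply above, as an added example that is not part of the original thread: it asks the internal resolver, a filtering upstream resolver and a non-filtering one for the same name, then reports which layer is responsible for the failed lookup. The function names are hypothetical, the internal resolver address is supplied by the user, and the two Quad9 addresses (9.9.9.9 with threat blocking, 9.9.9.10 without) are assumptions to adjust for whichever forwarder is in use.

```python
import socket
import struct
import sys

NOERROR, NXDOMAIN = 0, 3
QUAD9_FILTERED = "9.9.9.9"     # assumption: Quad9 threat-blocking service
QUAD9_UNFILTERED = "9.9.9.10"  # assumption: Quad9 service without blocking

def build_query(name, qid=0x1234):
    """Encode a minimal recursive A-record query for name."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(resp):
    """Return (rcode, answer_count) from the 12-byte DNS header."""
    if len(resp) < 12:
        raise ValueError("truncated DNS response")
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    return flags & 0x000F, ancount

def ask(server, name, timeout=3.0):
    """Send one UDP query to server and return parse_header() of the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_header(s.recv(512))

def locate_block(internal, filtered, unfiltered):
    """Each argument is (rcode, answer_count) from one resolver."""
    if internal[0] == NOERROR and internal[1] > 0:
        return "resolves internally"
    if unfiltered[0] == NXDOMAIN:
        return "name does not exist"
    if filtered[0] == NXDOMAIN and unfiltered[0] == NOERROR:
        # A gateway exception cannot help: the forwarder itself refuses the name.
        return "blocked by upstream resolver"
    return "blocked on internal path"

# Usage: python dns_layers.py <internal-resolver-ip> <domain>
if __name__ == "__main__" and len(sys.argv) == 3:
    internal_dns, domain = sys.argv[1], sys.argv[2]
    servers = (internal_dns, QUAD9_FILTERED, QUAD9_UNFILTERED)
    results = [ask(s, domain) for s in servers]
    print(domain, results, "->", locate_block(*results))
```

A result of "blocked by upstream resolver" matches the situation in this reply, where the gateway allowed the query and the forwarder returned the failure.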
