Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bachan
Contributor

Checkpoint blocking the landing page of Microsoft

Hello Team,

Environment 

2 Check Point 5900 VSX environment running R80.40 JHF 192

Management console is running on R81.10 JHF109

Issue 

Need you suggestion on this issue we are facing in our environment.

We're currently running into issues while testing out AST as our new phishing simulation tool, part of the MS Defender platform.

Check Point is blocking the landing page attemplate.com as potentially malicious/spyware website.

This is the global landing page for the service, as acknowledged by MS here https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-train...

This URL is recently changed by Microsoft, as some tests done few weeks ago were not blocked by the firewall.

Phishing simulations are only successful if the different security elements are not blocking the simulation

The issue started some weeks ago – during initial testing of the phishing simulation, the issue did not occur.  Now we see that the Application/URL filtering is blocking the access to one of the Microsoft phishing domain names and IPS flags also mark the DNS request as phishing.

See screenshots below: attempts have been made to access https://attemplate.com (see list of domains in Get started using Attack simulation training | Microsoft Learn).  Microsoft is updating the list of domains used for Attack simulation training often as seen below 

As Microsoft is dynamically updating the different landing page templates, is there a possibility to dynamically exclude these 'landing pages' on the Check Point environment?

 
 

 

 

0 Kudos
3 Replies
Bachan
Contributor

Hi Team, 

Any update on above query ?  

0 Kudos
Chris_Atkinson
Employee Employee
Employee

These URLs will need exclusions in your Threat Prevention policy.

Having them as a form of dynamic / updatable object would be an RFE that you should consult your local SE about.

Microsoft publish other lists in a JSON format for easy consumption but this doesn't appear to be the case here.

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend

Can you temporarily just not add *microsoft* to access these sites? As per below in my screenshots/

Andy

 

 

 

Screenshot_1.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events