This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bachan
Contributor
‎2023-09-06 11:06 PM

Checkpoint blocking the landing page of Microsoft

Hello Team,

Environment 

2 Check Point 5900 VSX environment running R80.40 JHF 192

Management console is running on R81.10 JHF109

Issue 

Need you suggestion on this issue we are facing in our environment.

We're currently running into issues while testing out AST as our new phishing simulation tool, part of the MS Defender platform.

Check Point is blocking the landing page attemplate.com as potentially malicious/spyware website.

This is the global landing page for the service, as acknowledged by MS here https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-train...

This URL is recently changed by Microsoft, as some tests done few weeks ago were not blocked by the firewall.

Phishing simulations are only successful if the different security elements are not blocking the simulation

The issue started some weeks ago – during initial testing of the phishing simulation, the issue did not occur.  Now we see that the Application/URL filtering is blocking the access to one of the Microsoft phishing domain names and IPS flags also mark the DNS request as phishing.

See screenshots below: attempts have been made to access https://attemplate.com (see list of domains in Get started using Attack simulation training | Microsoft Learn).  Microsoft is updating the list of domains used for Attack simulation training often as seen below 

As Microsoft is dynamically updating the different landing page templates, is there a possibility to dynamically exclude these 'landing pages' on the Check Point environment?

 
 

 

 

Log5.png
Preview file
77 KB
Log6.png
Preview file
55 KB
0 Kudos
3 Replies
Bachan
Contributor
‎2023-09-08 05:10 AM

Hi Team, 

Any update on above query ?  

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-09-08 05:58 AM
In response to Bachan

These URLs will need exclusions in your Threat Prevention policy.

Having them as a form of dynamic / updatable object would be an RFE that you should consult your local SE about.

Microsoft publish other lists in a JSON format for easy consumption but this doesn't appear to be the case here.

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend
‎2023-09-08 06:36 AM

Can you temporarily just not add *microsoft* to access these sites? As per below in my screenshots/

Andy

 

 

 

Screenshot_1.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top