Menu

Second Chance Installation and Product Manual

Avatar
Katie Brennan
Updated
Follow

Second Chance Product Manual

Second Chance is a tool for Outlook, Office 365, and Gmail which prompts your users before they visit a potentially unsafe or unknown website. Users who click on URLs in their email, or on URLs located within attachments downloaded from their email, will be prompted by Second Chance and can choose to either "continue" to the website or "abort" their action. Aborting the action could provide your user a "second chance" to avoid a malware infection from a dangerous website.

Second Chance can be installed on a per-client basis or deployed through Group Policy (GPO). You can decide what URLs are "safe" to visit in your organization--these URLs you define will not trigger a prompt window to appear.

It is important to note that Second Chance is not an endpoint protection tool--it is a user behavior analysis and security awareness training tool. Should a user click on a link in their email or a link within an attachment they’ve downloaded from their email, the prompt they receive will be a "second chance" for your users to think twice before they navigate to a potentially dangerous site.

For an explanation of how you can introduce Second Chance to your users, check out our article: Why Should I Install Second Chance and How Can I Inform My Users?

Jump to:
Prerequisites
Settings
Installation Guides
User Experience
Data and Reports
Uninstallation
Troubleshooting
Frequently Asked Questions (FAQs)

  

Prerequisites

There are five main items you need in order to install Second Chance.

  1. Device(s) with the necessary OS and mail client for a successful installation
    • Devices you install Second Chance on must meet the following requirements:
      • Mail client: Gmail, Office 365, or Outlook (2010 or newer)
      • Browser:
        • If using Outlook: Compatible with any browser
        • If using Gmail/Office 365: Compatible with Internet Explorer
      • Operating system: Windows 7 and newer (32-bit and 64-bit)
      • .NET 4.0 or newer
      • Port 443 TCP (SSL/HTTPS) must be open outbound so it can connect to our server
        • If there is a firewall or proxy filtering outbound traffic, please ensure that your machines can reach client.sc.knowbe4.com and api.updates.knowbe4.com (if your account is located at training.knowbe4.com) and client-eu.sc.knowbe4.com and api.updates.knowbe4.com (if your account is located at eu.knowbe4.com) on Port 443.
      • Terminal server or Citrix (thin client) environments are not supported.
        • PCs that connect to a terminal server for any applications are also not supported.
      • Outlook Web App (OWA) is not supported.
  2. A KnowBe4 account (free or paid)
  3. Second Chance enabled in the Account Settings of your KnowBe4 account
    • After logging in to your KnowBe4 account, click your email address on the top right, then click "Account Settings".
    • Scroll to the bottom of the page under the "Second Chance" header. Check the box, then click the "Update Account Info" button.
    • See: Editing Account Settings
  4. The Second Chance Training Device Installer (.msi) file (See 5)
  5. Your account-specific license key
    • Items 4 and 5 will be located on the SECOND CHANCE tab of your KnowBe4 Account, on the Overview page.

Back to top

 

Settings

The Settings tab allows you to customize the content of your prompt messages and manage your "No Prompt" Domains.

 

Prompt Settings

The Prompt Settings area allows you to alter the content of your prompts and modify additional prompt settings.

Before installing, we recommend you consider what content you'd like to include in the prompt messages that appear when your users click on links in their email or within attachments they've previewed or opened from their email.

If you're not ready to do this before installation, remember that you can update the prompt content at any time and the next prompt your users see will match your current settings.

Second Chance will trigger four different types of prompts:

  1. General Prompt: For general URLs which have not been added to the No Prompt Domain list.
  2. Punycode Prompt: For Punycode links.
  3. Attachment Prompt: For links clicked within attachments that have been downloaded from email.
  4. URL Unwinding Prompt: For rewritten or shortened URLs.

To edit the content of the prompts, click on SECOND CHANCE at the top of your screen, then click the Settings tab.

 

General Prompt Text

In this area, you can modify the Message Banner, Message Prompt, "Continue" button, and "Abort" button. This text will appear on all Second Chance prompts.

Message BannerThis is the banner at the top of the prompt (maximum of 30 characters). 

Message Prompt: This text can serve as a reminder to the user to consider where the link is taking them and to check for red flags (maximum of 255 characters).

Abort ButtonThis button allows the user to cancel their current action and not visit the link they just clicked on (maximum of 40 characters).

Continue Button: This button allows the user to move forward with their action and visit the link they just clicked on (maximum of 40 characters).

Example of General Prompt:

Back to top

 

Punycode Prompt Text

In this area, you can modify the Punycode Description, which indicates that Punycode was detected within this particular link. This text will only appear on the Punycode prompt.

Example of Punycode Prompt:

What is Punycode?

Punycode was developed as a way to represent Unicode within the limited character subset used for websites (See: Wikipedia - Punycode). Unicode represents alphabets, like Greek and Cyrillic, but can appear similar or identical to Latin letters to when appearing in certain browser windows or operating systems. Essentially, you can use Punycode to allow the use of special characters in web addresses that would not normally be allowed.

Unfortunately, this gives the bad guys another method they can use to trick you and your users into thinking you're visiting a legitimate website. How? By using Punycode, cybercriminals can imitate the domains of popular websites. For example, the link your user is clicking on may appear to be visiting https://apple.com, when really it is visiting https://xn--80ak6aa92e.com/.

Back to top

 

Attachment Prompt Text

In this area, you can modify the Attachment Description, which indicates that this link was clicked on from an attachment the user downloaded or previewed from their email. This text will only appear on the Attachment prompt.

Example of Attachment Prompt:

Back to top

 

URL Unwinding

In this area, you can modify the URL Unwinding Description, which indicates that this was a rewritten or shortened URL. The prompt will decode or unwind the clicked URL to display the actual destination. This text will only appear on the URL Unwinding prompt.

Decode Shortened URLs: This setting will unwind URLs that have been shortened through the use of common URL shortening services. For a list of all supported URL shorteners, click here.

Decode Rewritten URLs: This setting will unwind URLs that have been rewritten by your mail or security environment. For a list of all supported URL rewriters, click here.

Example of URL Unwinding Prompt: 

Back to top

 

Additional Prompt Settings

The three available Additional Prompt Settings will modify when and if Second Chance prompts appear for specific types of links. These settings are checked "on" by default. A description of each is below:

Do Not Prompt on Internal Links:
This will enable/disable prompts on links that appear to be navigating to your internal network (non-routable domains).

Do Not Prompt on KnowBe4 Phishing and Training Links:
This will enable/disable prompts for KnowBe4's set of phish domains. Enabling this setting means that your users will not receive prompts when clicking phishing links within KnowBe4 phishing tests.

Note: If you check "Use KnowBe4's 'No Prompt Domains' List", this will automatically prevent prompts on KnowBe4's phishing and training links by default. 

Use KnowBe4's "No Prompt Domains" List:
This will enable/disable prompts for domains that exist on KnowBe4's "No Prompt Domains" list. This list contains sites that are deemed to be safe, do not have a history of being exploited by attackers, and likely do not pose a risk to your users.

Note: By default, if you check this box, you will also disable prompting for any KnowBe4 phishing and training links.

Back to top

 

“No Prompt” Domains

Beneath the Settings tab, you can click on ”No Prompt Domains” to define what URLs should not receive Second Chance prompts. Here, you'll see a list of the No Prompt Domains you've already added. Any URLs with domains matching your "No Prompt" Domains will not be prompted by Second Chance.

No Prompt Domains can be websites that your employees need to frequently access to meet the needs of their job responsibilities or any other websites that you deem to be appropriate for your organization. You can add up to 100 domains.

There are two ways to enter the URLs:

  1. Add individual domain:
    This will add a single domain to your No Prompt Domains list. Domains you add must be in proper domain format (Example: sub.domain.net, internet.co, knowbe4.com).
  2. Upload a CSV file:
    This method allows you to import multiple domains at once by uploading a CSV file (.csv). The .csv file you upload must have a header of Domain. Beneath the Domain header, you should add a single domain to each cell, line by line. Domains you add to this .csv must be in proper domain format (Example: sub.domain.net, internet.co, knowbe4.com).

    Note that enabling the "Replace all" checkbox will replace all of your current No Prompt Domains with your newly-uploaded .csv.

 

More about "No Prompt" Domains:

If you enter .com as a "No Prompt" domain, then all URLs with a .com domain extension will not prompt. If you add knowbe4.com, it will prevent prompts on all of knowbe4.com and its subdomains (for example, training.knowbe4.com). However, adding training.knowbe4.com will not prevent prompts on all of knowbe4.com--only addresses with the subdomain of training.knowbe4.com.

 

Back to top

 

Installation Guides

There are three main installation methods for Second Chance. As a best practice, we recommend installing Second Chance on a single machine to review its functionality prior to deploying to the rest of your organization.  

 

A) Standard Installation

This method will install Second Chance on a per client basis.

  1. Log in to your KnowBe4 console and click the Second Chance tab.
  2. Download the Second Chance Training Device Installer (.msi file).
  3. Open the installer file you just downloaded and follow the installation steps as prompted.
    • Accept the Second Chance License Agreement and click "Install".
    • Enter your license key when prompted.
    • Click “Finish” to complete the installation.
  4. To test that the installation was successful: Open the mail client on the machine where you installed Second Chance. Click on a link within an email and make sure you're receiving Second Chance prompts.

 

B) Command-line Installation

This method will install Second Chance on a per client basis by using a command-line.

  1. Download and Save the Second Chance Training Device Installer (.msi file) located beneath the Overview tab.
  2. Open an elevated Command Prompt window (Run Command Prompt as an administrator).
  3. In the Command Prompt window, navigate to the folder where you saved the Training Device Installer.
  4. Enter the following command, then hit Enter:
    Note: Edit the red fields below to match the name of the .msi installation file you downloaded as well as your license key.
    msiexec /quiet /i  KB4SCSvcSetup.msi LicenseKey=XXXXXXXXXX

    Alternatively, you have the option to install Second Chance with a proxy using the following command:

    msiexec /quiet /i KB4SCSvcSetup.msi LicenseKey=XXXXXXXXXX PROXYSERVER=hostname:port
    Note: You may substitute your hostname with an IP address.

  5. To test that the installation was successful: Open the mail client on the machine where you installed Second Chance. Click on a link within an email and make sure you're receiving Second Chance prompts.

 

C) Group Policy (GPO) Installation

Note:

When using this method, verify that Second Chance was installed using the local administrator account of the machine.

This method will allow you to deploy Second Chance to specific organizational units (OUs) or your entire organization.

Note that we STRONGLY recommend testing the below Group Policy on a single machine before deploying to your entire domain. To do this, you'll want to create and link your GPO to a test OU, containing the machine that you'd like to test Second Chance on, rather than link it to your domain (step 6-7 below).

  1. Log in to your server as an Administrator.
  2. Create a shared folder on your domain.
    • Right-click the folder and open Properties.
    • Under the Security tab, add Domain Computers with "Read" permissions.
    • Make sure you have "Write" permissions on the folder and that SYSTEM has "Read & Execute" permissions.
  3. Download and Save the Second Chance Installer (.msi file) to your shared folder.
  4. Create a .bat (batch) file within the shared folder using the following line:
    NOTE: Edit the red fields below to match the location of the shared drive where you saved the .msi installation file as well as your license key.
    msiexec /quiet /i \\NetworkPath\Name of Shared Folder\KB4SCSvcSetup.msi LicenseKey=XXXXXXXXXX

    Alternatively, if you have a proxy server filtering outbound traffic, you can specify the proxy server within the .bat file using the following line:
    msiexec /quiet /i \\NetworkPath\Name of Shared Folder\KB4SCSvcSetup.msi LicenseKey=XXXXXXXXXX PROXYSERVER=hostname:port
    • Example: msiexec /quiet /i \\server\deploy\KB4SCSvcSetup.msi LicenseKey=XXXXXXXXXX PROXYSERVER=10.1.20.201:3128

    • Note:

      Second Chance is proxy-aware and will try to connect to the internet with the proxy server specified for the local user's account. If your proxy is configured in a manner that Second Chance cannot automatically detect, you can use this PROXYSERVER switch during installation to manually specify the proxy server Second Chance will use to connect to the internet.


    Save the .bat file in the shared folder you created. The shared folder should now contain the .msi file and .bat file.
  5. Next, we'll create a Group Policy. Open the Group Policy Management Tool (gpmc.msc).
  6. Open the Forest and Domains drop-down and then right-click your domain (Example: Domain.local or Domain.com).
    *Reminder: These instructions deploy to your whole domain--we recommend testing this GPO on a single test OU (with a single test device placed within that OU) to see how it works.
  7. Click "Create a GPO in this domain, and Link it here...".
  8. Name your GPO (Example: Second Chance) and click "OK".
  9. Your new GPO will appear in the list. Right-click and select "Edit...".
  10. Drop-down Computer Configuration, then Policies, then Windows Settings, then click Scripts.
  11. Double-click Startup Scripts. This will bring up Startup Properties.
  12. Click "Add..." under the Script tab to bring up the Add a Script window.
  13. Click "Browse...". Browse to the shared folder that you created in Step 2, and select the .bat file you saved in Step 4. Click "Open", then click "OK" to save the new Startup Script.
  14. Click "OK" to close the Startup Properties screen.
  15. Close the Group Policy Management Editor.
  16. Under the Group Policy Management screen, right-click your new GPO and ensure there is a checkmark next to "Link Enabled". Your GPO should now be active.

    To test that the installation was successful: Open the mail client on a client machine within your domain. Click on a link within an email and make sure you're receiving Second Chance prompts. If you're not, check out our Troubleshooting tips at the bottom of the page.

Back to top

 

User Experience

Once Second Chance is installed and the service is running, your users will see a prompt the first time they click on a URL that you have not added to the “No Prompt” domain list.

Here is an example of that prompt:

The prompts will vary depending on the link they're clicking on. If it is a Punycode link, the user prompt will look slightly different. You can update the content of the prompt messages in your Second Chance Settings.

 

What happens if my user continues or aborts their action?

If they choose to abort their action, the prompt will be closed, and the URL will not be opened. If they choose to continue, their browser will navigate to the URL they clicked on. Either action taken will be recorded in the data and reports on your console.

 

Additional resources you can share with your users:

Back to top

 

Data and Reports

On your Overview tab, you’ll be able to view an overview of User Actions (Continued/Aborted) over the last 24 hours and since installation. You will also be able to download a CSV file of all of the users that have Second Chance installed on their machine. 

The CSV file will be downloaded to the same place that the Second Chance Training Device Installer is stored.

On the URLs tab, you can review all URLs that have triggered a Second Chance prompt message to appear.

Under the Users and Devices tabs, you can drill down on the specific users and devices where Second Chance prompts have occurred.

Back to top

 

URLs

The URLs tab will allow you to see all URLs that users have clicked on and been prompted by.

You can filter the data by the past day, past seven days, or all URLs. You can also sort the URLs alphabetically, by the number of times users "Continued" or "Aborted" visiting that site, and by the last time a user visited that site.

You can click on each of the URLs listed to view all details about that particular URL, including all users prompted after clicking that URL, the devices they were prompted on, and the action they took after being prompted.

Back to top

 

Users

The Users tab will contain all users that have been prompted by Second Chance, as well as the last device they were prompted on, the number of actions they’ve taken, and the last user action date.

Clicking on a user’s name will take you to that user’s individual report page, where you can see a list of all URLs that triggered a Second Chance prompt for the user.

For each listed URL, you’ll be able to see what action was taken by the user, when they took that action, and what device the prompt occurred on.

You can also click on the indicated device to see what other prompts occurred on that particular device.

Back to top

 

Devices

The Devices tab will contain all devices that have been prompted by Second Chance, as well as the last user that was prompted on that device, what version of Second Chance is installed and the date of the last user action on that device.

Clicking on a device will take you to that device's individual report page, where you can see a list of all URLs that triggered a Second Chance prompt on that device.

For each listed URL, you’ll be able to see what action was taken after the prompt occurred, when they took that action, and what device the prompt occurred on. You can also click on the listed device to see what other prompts occurred on that device.

You can also click on a user within the Devices list to see that the user's individual report page, showing the prompts they've received and actions they've taken.

Back to top

 

Uninstallation

A) Standard Uninstall

On each client machine, access your Control Panel's Add/Remove Programs area to uninstall Second Chance.

B) Command-line Uninstall

On each client machine, you can use an elevated Command Prompt to enter the following command:

msiexec /q /x KB4SCSvcSetup.msi

C) Group Policy Uninstall 

To uninstall Second Chance via Group Policy, you can simply edit the original .bat file that you used to set up the installation via Group Policy.

Edit the .bat file with the following:

  1. Change /i to /x (to uninstall)
  2. Remove license key

Your final .bat should look something like this:

msiexec /quiet /x \\NetworkPath\Name of Shared Folder\KB4SCSvcSetup.msi

Then, save the .bat with the same name to the same folder.

Back to top

 

Troubleshooting

If you’ve installed through Group Policy and you are not seeing Second Chance prompts, follow the below steps on the client machine where it should be been installed:

  1. Check your Add/Remove Programs list for "Second Chance". If you don't see it, attempt to follow the Command Prompt instructions shown below. If you do see Second Chance in your list of Programs, move on to the next step.
  2. Open your Task Manager and Services applications and check to see if the following services are running. If not, you can start/restart the services so that you'll receive Second Chance prompts the next time you click a link.
    • KB4SCSvc - Found in Services (Svcs)
    • KB4UC - Found in Task Manager
    • KB4SCWDSvc - Found in Task Manager
  3. Command Prompt Instructions:
    • Open an elevated Command Prompt (cmd) (run as Admin) on the client device you’re attempting the install on and enter the following commands to troubleshoot:
      • gpupdate /force
        • This entry will force an update of Group Policy on the client machine you are logged in to.
      • gpresult /r
        • This entry will let you review whether or not the Group Policy you set up is being applied to the client machine you are logged in to.
  4. Make sure you are using a UNC file path with your GPO installation (Example: \\Server\Volume\File).
  5. Restart the machine you're trying to install Second Chance on.
  6. If installing using a .bat file, it needs to be run with sufficient privileges.
  7. Finally, if you're still experiencing issues, you can modify your Group Policy to affect User Configuration instead of Computer Configuration.

Back to top

 

Frequently Asked Questions (FAQs)

What kind of files does Second Chance work with? 

If a user opens, previews, or downloads an Office file (Word, Excel, PowerPoint) or PDF attachment from a supported mail client, and the attachment contains a link inside of it which the user clicks, Second Chance will prompt the user. PDF attachments must be opened in Adobe Reader DC (not Adobe Acrobat Pro), Sumatra, or Foxit Reader. 

What URL rewriters and shorteners is Second Chance compatible with?

Supported URL Shorteners
Name URL
Bitly bit.ly
Bitdo bit.do
Capsulink cli.re, [www.]capsulink.com
Googl goo.gl
Owly ow.ly
TinyURL tinyurl.com
Supported URL Rewriters
Name URL
Barracuda linkprotect.cudasvc.com
Cisco secure-web.cisco.com
FireEye *.fireeye.com
Google (Gmail) [www.]google.com
Mimecast protect-*.mimecast.com
Outlook *.safelinks.protection.outlook.com
PostOffice clicktime.cloud.postoffice.net
Proofpoint urldefense.proofpoint.com
Sophos *.protection.sophos.com
Symantec clicktime.symantec.com
TrendMicro  *.trendmicro.com
Trustwave  scanmail.trustwave.com


Does Second Chance work with Outlook Web Access?

No. Outlook Web Access is unsupported.

Can I have a list of KnowBe4's No Prompt Domains?

For security reasons, we do not want that list to be public. Additionally, because the list is constantly changing, the data on the list would become inaccurate quickly.

My users are clicking "Continue" but their browser window isn't appearing.

The browser window has most likely been opened, but it will not appear as a "pop up" on the screen after clicking. Depending on the default browser, there may be a flashing browser icon in the taskbar indicating a new link was opened. Instruct them to double-check their browser after clicking the Second Chance prompt to "continue" to the site, as the site should have been opened.

After installing Second Chance, I'm getting an error when I open Excel.

The error message "The program can't start because MSVCR90.dll is missing from your computer. Try reinstalling the program to fix this problem" is due to a known compatibility issue with Windows 10, Excel 2010, and Sophos/Hitman Pro.

How is my data encrypted?

Your data is encrypted via HTTPS. This data falls under our normal privacy standards. For more details, see our privacy policy here.

Back to top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles