Second Chance Product Manual
Second Chance is a tool for Outlook, Microsoft 365 (formerly Office 365), and Gmail which prompts your users before they visit a potentially unsafe or unknown website. Users who click on URLs in their email, or on URLs located within attachments downloaded from their email, will be prompted by Second Chance and can choose to either "continue" to the website or "abort" their action. Aborting the action could provide your user a "second chance" to avoid a malware infection from a dangerous website.
Second Chance can be installed on a per-client basis or deployed through Group Policy (GPO). You can decide what URLs are "safe" to visit in your organization--these URLs you define will not trigger a prompt window to appear.
It is important to note that Second Chance is not an endpoint protection tool--it is a user behavior analysis and security awareness training tool. Should a user click on a link in their email or a link within an attachment they’ve downloaded from their email, the prompt they receive will be a "second chance" for your users to think twice before they navigate to a potentially dangerous site.
For an explanation of how you can introduce Second Chance to your users, check out our article: Why Should I Install Second Chance and How Can I Inform My Users?
Prerequisites
There are five main items you need in order to install Second Chance.
- Device(s) with the necessary OS and mail client for a successful installation
- Devices you install Second Chance on must meet the following requirements:
- Mail client: Gmail, Microsoft 365, or Outlook (2010 or newer)
- Browser:
- If using Outlook: Compatible with any browser
- If using Gmail: Compatible with Internet Explorer
- Outlook Web App (OWA) is not supported.
- Operating system: Windows 7 and newer (32-bit and 64-bit)
- .NET 4.0 or newer
- Port 443 TCP (SSL/HTTPS) must be open outbound so it can connect to our server
- If there is a firewall or proxy filtering outbound traffic, please ensure that your machines can reach the following hosts on Port 443: client.sc.knowbe4.com and api.updates.knowbe4.com (if your account is located at training.knowbe4.com), or client-eu.sc.knowbe4.com and api.updates.knowbe4.com (if your account is located at eu.knowbe4.com).
- Terminal server or Citrix (thin client) environments are not supported.
- PCs that connect to a terminal server for any applications are also not supported.
- A KnowBe4 account (free or paid)
- Log in to your KnowBe4 account, or sign up for an account here if you do not have one yet.
- Second Chance enabled in the Account Settings of your KnowBe4 account
- After logging in to your KnowBe4 account, click your email address on the top right, then click Account Settings.
- Scroll to the bottom of the page under the Second Chance header. Check the box, then click the Save Changes button.
- See: Editing Account Settings
- The Second Chance Training Device Installer (.msi) file (See 5)
- Your account-specific license key
- Items 4 and 5 will be located on the SECOND CHANCE tab of your KnowBe4 Account, on the Overview page.
Settings
The Settings tab allows you to customize the content of your prompt messages and manage your "No Prompt" Domains.
Prompt Settings
The Prompt Settings area allows you to alter the content of your prompts and modify additional prompt settings.
Before installing, we recommend you consider what content you'd like to include in the prompt messages that appear when your users click on links in their email or within attachments they've previewed or opened from their email.
If you're not ready to do this before installation, remember that you can update the prompt content at any time and the next prompt your users see will match your current settings.
Second Chance will trigger four different types of prompts:
- General Prompt: For general URLs which have not been added to the No Prompt Domain list.
- Punycode Prompt: For Punycode links.
- Attachment Prompt: For links clicked within attachments that have been downloaded from email.
- URL Unwinding Prompt: For rewritten or shortened URLs.
To edit the content of the prompts, click on SECOND CHANCE at the top of your screen, then click the Settings tab.
General Prompt Text
In this area, you can modify the Message Banner, Message Prompt, "Continue" button, and "Abort" button. This text will appear on all Second Chance prompts.
Message Banner: This is the banner at the top of the prompt (maximum of 30 characters).
Message Prompt: This text can serve as a reminder to the user to consider where the link is taking them and to check for red flags (maximum of 255 characters).
Abort Button: This button allows the user to cancel their current action and not visit the link they just clicked on (maximum of 40 characters).
Continue Button: This button allows the user to move forward with their action and visit the link they just clicked on (maximum of 40 characters).
Example of General Prompt:
Punycode Prompt Text
In this area, you can modify the Punycode Description, which indicates that Punycode was detected within this particular link. This text will only appear on the Punycode prompt.
Example of Punycode Prompt:
What is Punycode?
Punycode was developed as a way to represent Unicode within the limited character subset used for websites (See: Wikipedia - Punycode). Unicode represents alphabets like Greek and Cyrillic, whose letters can appear similar or identical to Latin letters in certain browser windows or operating systems. Essentially, you can use Punycode to allow the use of special characters in web addresses that would not normally be allowed.
Unfortunately, this gives the bad guys another method they can use to trick you and your users into thinking you're visiting a legitimate website. How? By using Punycode, cybercriminals can imitate the domains of popular websites. For example, the link your user is clicking on may appear to be visiting https://apple.com, when really it is visiting https://xn--80ak6aa92e.com/.
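To see what a Punycode link actually contains, the following added example (not part of Second Chance or of KnowBe4's code) decodes each xn-- label in a URL's host, lists the scripts it uses, and reports which plain-ASCII name it imitates. The LOOKALIKES table is a small constructed subset and the function names are hypothetical.

```python
import unicodedata
from urllib.parse import urlsplit

# Small, constructed subset of Cyrillic letters that render like Latin ones.
# A production check would use the full Unicode confusables data (UTS #39).
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u04cf": "l",
}


def scripts_in(text):
    """Return the set of scripts used, taken from each character's Unicode name."""
    found = set()
    for ch in text:
        if ch.isascii() and not ch.isalpha():
            continue  # digits and hyphens belong to no particular script
        found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def inspect_url(url):
    """Decode every Punycode (xn--) label in the URL's host and describe it."""
    host = urlsplit(url).hostname or ""  # hostname is already lower-cased
    report = []
    for label in host.split("."):
        if not label.startswith("xn--"):
            continue
        entry = {"label": label, "decoded": None, "scripts": [], "looks_like": None}
        try:
            decoded = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            report.append(entry)  # malformed label: report it undecoded
            continue
        # Replace known lookalike letters to see which ASCII name is imitated.
        skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in decoded)
        entry["decoded"] = decoded
        entry["scripts"] = sorted(scripts_in(decoded))
        if skeleton.isascii() and skeleton != decoded:
            entry["looks_like"] = skeleton
        report.append(entry)
    return report


if __name__ == "__main__":
    # The first URL is the example from this page; the second is a legitimate
    # internationalized name used for contrast.
    for url in ("https://xn--80ak6aa92e.com/", "https://xn--mnchen-3ya.de/"):
        print(url, inspect_url(url))
```

A label that decodes to a single non-Latin script yet reads as an ASCII word after substitution is the pattern the Punycode prompt is meant to make users stop and look at.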
Attachment Prompt Text
In this area, you can modify the Attachment Description, which indicates that this link was clicked on from an attachment the user downloaded or previewed from their email. This text will only appear on the Attachment prompt.
Example of Attachment Prompt:
URL Unwinding
In this area, you can modify the URL Unwinding Description, which indicates that this was a rewritten or shortened URL. The prompt will decode or unwind the clicked URL to display the actual destination. This text will only appear on the URL Unwinding prompt.
Decode Shortened URLs: This setting will unwind URLs that have been shortened through the use of common URL shortening services. For a list of all supported URL shorteners, click here.
Decode Rewritten URLs: This setting will unwind URLs that have been rewritten by your mail or security environment. For a list of all supported URL rewriters, click here.
Example of URL Unwinding Prompt:
Additional Prompt Settings
The three available Additional Prompt Settings will modify when and if Second Chance prompts appear for specific types of links. These settings are checked "on" by default. A description of each is below:
Do Not Prompt on Internal Links:
This will enable/disable prompts on links that appear to be navigating to your internal network (non-routable domains).
Do Not Prompt on KnowBe4 Phishing and Training Links:
This will enable/disable prompts for KnowBe4's set of phish domains. Enabling this setting means that your users will not receive prompts when clicking phishing links within KnowBe4 phishing tests.
Note: If you check "Use KnowBe4's 'No Prompt Domains' List", this will automatically prevent prompts on KnowBe4's phishing and training links by default.
Use KnowBe4's "No Prompt Domains" List:
This will enable/disable prompts for domains that exist on KnowBe4's "No Prompt Domains" list. This list contains sites that are deemed to be safe, do not have a history of being exploited by attackers, and likely do not pose a risk to your users.
Note: By default, if you check this box, you will also disable prompting for any KnowBe4 phishing and training links.
No Prompt Domains
Beneath the Settings tab, you can click on "No Prompt Domains" to define what URLs should not receive Second Chance prompts. Here, you'll see a list of the No Prompt Domains you've already added. Any URLs with domains matching your "No Prompt" Domains will not be prompted by Second Chance.
No Prompt Domains can be websites that your employees need to frequently access to meet the needs of their job responsibilities or any other websites that you deem to be appropriate for your organization. You can add up to 1,000 domains.
There are two ways to enter the URLs:
- Add individual domain:
This will add a single domain to your No Prompt Domains list. Domains you add must be in proper domain format (Example: sub.domain.net, internet.co, knowbe4.com).
- Upload a CSV file:
This method allows you to import multiple domains at once by uploading a CSV file (.csv). The .csv file you upload must have a header of Domain. Beneath the Domain header, you should add a single domain to each cell, line by line. Domains you add to this .csv must be in proper domain format (Example: sub.domain.net, internet.co, knowbe4.com).
Note that enabling the "Replace all" checkbox will replace all of your current No Prompt Domains with your newly-uploaded .csv.
More about No Prompt Domains:
If you enter .com as a "No Prompt" domain, then all URLs with a .com domain extension will not prompt. If you add knowbe4.com, it will prevent prompts on all of knowbe4.com and its subdomains (for example, training.knowbe4.com). However, adding training.knowbe4.com will not prevent prompts on all of knowbe4.com--only addresses with the subdomain of training.knowbe4.com.
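The matching rules above and the CSV format can be checked before uploading a list. This added example (not KnowBe4's code; the function names and the sample CSV are constructed) validates a file with the Domain header, warns about entries that exempt a whole top-level domain, and applies the suffix matching described on this page, assuming matches fall on label boundaries.

```python
import csv
import io
import re
from urllib.parse import urlsplit

MAX_DOMAINS = 1000  # limit stated on this page
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def load_no_prompt_csv(text):
    """Return (domains, warnings) from CSV text that has a 'Domain' header."""
    reader = csv.DictReader(io.StringIO(text))
    if "Domain" not in (reader.fieldnames or []):
        raise ValueError("CSV must have a header named Domain")
    domains, warnings = [], []
    for row in reader:
        entry = (row["Domain"] or "").strip().lower()
        labels = entry.lstrip(".").split(".")
        if not entry or not all(LABEL_RE.match(part) for part in labels):
            warnings.append(f"not a valid domain: {entry!r}")
            continue
        if len(labels) == 1:
            # Per this page, an entry such as .com stops prompts for every
            # .com URL, so surface it for review instead of accepting silently.
            warnings.append(f"{entry!r} exempts an entire top-level domain")
        domains.append(entry.lstrip("."))
    if len(domains) > MAX_DOMAINS:
        raise ValueError(f"{len(domains)} domains exceeds the {MAX_DOMAINS} limit")
    return domains, warnings


def is_no_prompt(url, domains):
    """True if the URL's host equals a listed domain or is one of its subdomains."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Match on a label boundary so notknowbe4.com does not match knowbe4.com.
    return any(host == d or host.endswith("." + d) for d in domains)


# Constructed sample upload, including one malformed row and one overly broad row.
SAMPLE_CSV = "Domain\nknowbe4.com\ntraining.example.org\nhttps://bad/entry\n.com\n"

if __name__ == "__main__":
    domains, warnings = load_no_prompt_csv(SAMPLE_CSV)
    print(domains, warnings)
    print(is_no_prompt("https://training.knowbe4.com/login", ["knowbe4.com"]))
```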
Installation Methods
There are three main installation methods for Second Chance. As a best practice, we recommend installing Second Chance on a single machine to review its functionality prior to deploying to the rest of your organization.
A) Standard Installation
This method will install Second Chance on a per client basis.
- Log in to your KnowBe4 console and click the Second Chance tab.
- Download the Second Chance Training Device Installer (.msi file).
- Open the installer file you just downloaded and follow the installation steps as prompted.
- Accept the Second Chance License Agreement and click "Install".
- Enter your license key when prompted.
- Click “Finish” to complete the installation.
- To test that the installation was successful: Open the mail client on the machine where you installed Second Chance. Click on a link within an email and make sure you're receiving Second Chance prompts.
B) Command-line Installation
This method will install Second Chance on a per client basis by using a command-line.
- Download and Save the Second Chance Training Device Installer (.msi file) located beneath the Overview tab.
- Open an elevated Command Prompt window (Run Command Prompt as an administrator).
- In the Command Prompt window, navigate to the folder where you saved the Training Device Installer.
- Enter the following command, then hit Enter:
Note: Edit the file name and license key below to match the name of the .msi installation file you downloaded as well as your license key.
msiexec /quiet /i KB4SCSvcSetup.msi LicenseKey=XXXXXXXXXX
Alternatively, you have the option to install Second Chance with a proxy using the following command:
msiexec /quiet /i KB4SCSvcSetup.msi LicenseKey=XXXXXXXXXX PROXYSERVER=hostname:port
Note: You may substitute your hostname with an IP address.
To test that the installation was successful: Open the mail client on the machine where you installed Second Chance. Click on a link within an email and make sure you're receiving Second Chance prompts.
C) Group Policy (GPO) Installation
Note:
When using this method, verify that Second Chance was installed using the local administrator account of the machine.
This method will allow you to deploy Second Chance to specific organizational units (OUs) or your entire organization.
Note that we STRONGLY recommend testing the below Group Policy on a single machine before deploying to your entire domain. To do this, you'll want to create and link your GPO to a test OU, containing the machine that you'd like to test Second Chance on, rather than link it to your domain (step 6-7 below).
- Log in to your server as an Administrator.
- Create a shared folder on your domain.
- Right-click the folder and open Properties.
- Under the Security tab, add Domain Computers with "Read" permissions.
- Make sure you have "Write" permissions on the folder and that SYSTEM has "Read & Execute" permissions.
- Download and Save the Second Chance Installer (.msi file) to your shared folder.
- Create a .bat (batch) file within the shared folder using the following line:
NOTE: Edit the path and license key below to match the location of the shared drive where you saved the .msi installation file as well as your license key. Keep the quotation marks around the path if it contains spaces.
msiexec /quiet /i "\\NetworkPath\Name of Shared Folder\KB4SCSvcSetup.msi" LicenseKey=XXXXXXXXXX
Alternatively, if you have a proxy server filtering outbound traffic, you can specify the proxy server within the .bat file using the following line:
msiexec /quiet /i "\\NetworkPath\Name of Shared Folder\KB4SCSvcSetup.msi" LicenseKey=XXXXXXXXXX PROXYSERVER=hostname:port
Example:
msiexec /quiet /i \\server\deploy\KB4SCSvcSetup.msi LicenseKey=XXXXXXXXXX PROXYSERVER=10.1.20.201:3128
Note:
Second Chance is proxy-aware and will try to connect to the internet with the proxy server specified for the local user's account. If your proxy is configured in a manner that Second Chance cannot automatically detect, you can use this PROXYSERVER switch during installation to manually specify the proxy server Second Chance will use to connect to the internet.
- Save the .bat file in the shared folder you created. The shared folder should now contain the .msi file and .bat file.
- Next, we'll create a Group Policy. Open the Group Policy Management Tool (gpmc.msc).
- Open the Forest and Domains drop-down and then right-click your domain (Example: Domain.local or Domain.com).
*Reminder: These instructions deploy to your whole domain--we recommend testing this GPO on a single test OU (with a single test device placed within that OU) to see how it works.
- Click "Create a GPO in this domain, and Link it here...".
- Name your GPO (Example: Second Chance) and click "OK".
- Your new GPO will appear in the list. Right-click and select "Edit...".
- Drop-down Computer Configuration, then Policies, then Windows Settings, then click Scripts.
- Double-click Startup Scripts. This will bring up Startup Properties.
- Click "Add..." under the Script tab to bring up the Add a Script window.
- Click "Browse...". Browse to the shared folder that you created in Step 2, and select the .bat file you saved in Step 4. Click "Open", then click "OK" to save the new Startup Script.
- Click "OK" to close the Startup Properties screen.
- Close the Group Policy Management Editor.
- Under the Group Policy Management screen, right-click your new GPO and ensure there is a checkmark next to "Link Enabled". Your GPO should now be active.
To test that the installation was successful: Open the mail client on a client machine within your domain. Click on a link within an email and make sure you're receiving Second Chance prompts. If you're not, check out our Troubleshooting tips at the bottom of the page.
User Experience
Once Second Chance is installed and the service is running, your users will see a prompt the first time they click on a URL that you have not added to the “No Prompt” domain list.
Here is an example of that prompt:
The prompts will vary depending on the link they're clicking on. If it is a Punycode link, the user prompt will look slightly different. You can update the content of the prompt messages in your Second Chance Settings.
What happens if my user continues or aborts their action?
If they choose to abort their action, the prompt will be closed, and the URL will not be opened. If they choose to continue, their browser will navigate to the URL they clicked on. Either action taken will be recorded in the data and reports on your console.
Additional resources you can share with your users:
- End User Guide: What is Second Chance?
- End User Video: How Second Chance Works
Data and Reports
On your Overview tab, you’ll be able to view an overview of User Actions (Continued/Aborted) over the last 24 hours and since installation. You will also be able to download a CSV file of all of the users that have Second Chance installed on their machine.
The CSV file will be downloaded to the same place that the Second Chance Training Device Installer is stored.
The Overview tab also contains two User Action graphs. These graphs can be used to see the User Action Percentages within the last 24 hours and the last 30 days.
On the URLs tab, you can review all URLs that have triggered a Second Chance prompt message to appear.
Under the Users and Devices tabs, you can drill down on the specific users and devices where Second Chance prompts have occurred.
URLs
The URLs tab will allow you to see all URLs that users have clicked on and been prompted by.
You can filter the data by the past day, past seven days, past 30 days, or all URLs. You can also sort the URLs alphabetically, by the number of times users "Continued" or "Aborted" visiting that site, and by the last time a user visited that site.
You can click on each of the URLs listed to view all details about that particular URL, including all users prompted after clicking that URL, the devices they were prompted on, and the action they took after being prompted.
You can perform a search for specific URLs by using the Search bar. In order to receive your results, make sure you click the blue Search button.
Users
The Users tab will contain all users that have been prompted by Second Chance, as well as the last device they were prompted on, the number of actions they’ve taken, and the last user action date.
Clicking on a user’s name will take you to that user’s individual report page, where you can see a list of all URLs that triggered a Second Chance prompt for the user.
For each listed URL, you’ll be able to see what action was taken by the user, when they took that action, and what device the prompt occurred on.
You can also click on the indicated device to see what other prompts occurred on that particular device.
You can perform a search for specific users by using the Search bar. In order to receive your results, make sure you click the blue Search button.
Devices
The Devices tab will contain all devices that have been prompted by Second Chance, as well as the last user that was prompted on that device, what version of Second Chance is installed and the date of the last user action on that device.
Clicking on a device will take you to that device's individual report page, where you can see a list of all URLs that triggered a Second Chance prompt on that device.
For each listed URL, you’ll be able to see what action was taken after the prompt occurred, when they took that action, and what device the prompt occurred on. You can also click on the listed device to see what other prompts occurred on that device.
You can also click on a user within the Devices list to see that user's individual report page, showing the prompts they've received and actions they've taken.
You can perform a search for specific devices by using the Search bar. In order to receive your results, make sure you click the blue Search button.
Uninstallation
A) Standard Uninstall
On each client machine, access your Control Panel's Add/Remove Programs area to uninstall Second Chance.
B) Command-line Uninstall
On each client machine, you can use an elevated Command Prompt to enter the following command:
msiexec /q /x KB4SCSvcSetup.msi
C) Group Policy Uninstall
To uninstall Second Chance via Group Policy, you can simply edit the original .bat file that you used to set up the installation via Group Policy.
Edit the .bat file with the following:
- Change /i to /x (to uninstall)
- Remove license key
Your final .bat should look something like this:
msiexec /quiet /x "\\NetworkPath\Name of Shared Folder\KB4SCSvcSetup.msi"
Then, save the .bat with the same name to the same folder.
Troubleshooting
If you’ve installed through Group Policy and you are not seeing Second Chance prompts, follow the below steps on the client machine where it should have been installed:
- Check your Add/Remove Programs list for "Second Chance". If you don't see it, attempt to follow the Command Prompt instructions shown below. If you do see Second Chance in your list of Programs, move on to the next step.
- Open your Task Manager and Services applications and check to see if the following services are running. If not, you can start/restart the services so that you'll receive Second Chance prompts the next time you click a link.
- KB4SCSvc - Found in Services (Svcs)
- KB4UC - Found in Task Manager
- KB4SCWDSvc - Found in Task Manager
- Command Prompt Instructions:
- Open an elevated Command Prompt (cmd) (run as Admin) on the client device you’re attempting the install on and enter the following commands to troubleshoot:
- gpupdate /force
- This entry will force an update of Group Policy on the client machine you are logged in to.
- gpresult /r
- This entry will let you review whether or not the Group Policy you set up is being applied to the client machine you are logged in to.
- Make sure you are using a UNC file path with your GPO installation (Example: \\Server\Volume\File).
- Restart the machine you're trying to install Second Chance on.
- If installing using a .bat file, it needs to be run with sufficient privileges.
- Finally, if you're still experiencing issues, you can modify your Group Policy to affect User Configuration instead of Computer Configuration.