Second Chance

Second Chance Product Manual

Note: Based on popular demand, we are no longer deprecating Second Chance. It will be part of Diamond-level KSAT subscriptions starting in January 2025.

Second Chance is a tool for Outlook and Microsoft 365 that gives your users a warning message before they visit a potentially unsafe or unknown website. Users who click URLs within emails, Microsoft 365 files, or PDF files will receive an alert from Second Chance. Then, the users can select whether they would like to open the link or file.

Second Chance can be installed locally or deployed through your Group Policy (GPO). You can also mark specific URLs as safe to open so that the URLs won’t trigger Second Chance alerts.

Important: Second Chance is not an endpoint protection tool and doesn’t block users from visiting websites. Second Chance helps with user behavior monitoring and security awareness training. If a user clicks a link in an email, a Microsoft 365 file, or a PDF file, the alert they receive will give them a second chance to rethink before they navigate to a website that may be dangerous.

Installation Prerequisites

Before you install Second Chance, make sure you meet the requirements listed below:

  1. You'll need to have access to a computer that meets the requirements below:
    • Uses Windows 10 or later.
    • Uses Microsoft Outlook 2013 or later.
    • Uses .NET 4.5.1 or later.
    • Port 443 TCP (HTTPS) is open outbound for HTTPS connections to training.knowbe4.com, eu.knowbe4.com, ca.knowbe4.com, de.knowbe4.com, or uk.knowbe4.com, depending on your KSAT instance. Port 443 TCP (HTTPS) is also open outbound for HTTPS connections to api.updates.knowbe4.com.
    Note: Terminal server or Citrix thin client environments are not supported, so computers that connect to a terminal server for any applications are also not supported.
    • Has at least two processors.
    • Has at least two GB of RAM.
    • Has at least one GB of hard disk drive (HDD) space available on the system drive.
    • Has User Account Control (UAC) enabled.
  2. You'll need to enable Second Chance for your KSAT account. You enable Second Chance from the Second Chance section of your KSAT Account Settings.
  3. In KSAT, you'll need to download the Second Chance Training Device Installer file from the Overview subtab of the Second Chance tab.
  4. You'll need to have the Second Chance License Key. You can find this license key in the KSAT console on the Overview subtab of the Second Chance tab.

Prompt Settings

In the Prompt Settings section, you can change the content of your prompts and modify additional prompt settings.

Before installing Second Chance, we recommend that you consider the content you would like to include in the prompt messages that appear when your users click links from emails, Microsoft 365 files, or PDF files.

Tip: If you're not ready to complete this step before installing Second Chance, you can update the prompt content at any time. Then, the next prompt your users see will match your updated settings.

Second Chance will trigger four different types of prompts. For more information, see the list below:

  1. General Prompts: For general URLs that have not been added to the No Prompt Domain list. For more information, see the General Prompt Text section below.
  2. Punycode Prompts: For Punycode links. For more information, see the Punycode Prompt Text section below.
  3. Attachment Prompts: For links clicked within Microsoft 365 files or PDF files. For more information, see the Attachment Prompt Text section below.
  4. URL Unwinding Prompts: For rewritten or shortened URLs. For more information, see the URL Unwinding Prompt section below.

To edit the content of the prompts listed above, click the Second Chance tab on the top bar, then click the Settings tab.

General Prompt Text

In the General Prompt section, you can modify the text and buttons that appear in all of your Second Chance prompts. You can modify the text in the Message Banner, Message Prompt, Continue button, and Abort button.

For more information, see the screenshot and list below:

  1. Message Banner: This banner will display at the top of the prompt. The character limit for this banner is 30 characters.
  2. Message Prompt: This text can serve as a reminder to the user to consider where the link is taking them and to check for red flags. The character limit for this text is 255 characters.
  3. Abort Button: This button allows the user to cancel their current action and avoid opening the link they clicked. The character limit for this button's text is 40 characters.
  4. Continue Button: This button allows the user to proceed with their action and open the link they clicked. The character limit for this button's text is 40 characters.

Punycode Prompt Text

In the Punycode Prompt section, you can modify the Punycode Description. This description indicates that Punycode was detected in the link that the user clicked. This text will only display in the Punycode prompt.

For more information, see the screenshot and list below:

  1. Message Banner Text: This banner is displayed at the top of the prompt.
  2. Message Prompt Text: This text can remind the user to consider where the link is taking them and to check for signs that it may be dangerous.
  3. Continue Button Text: This button allows the user to move forward with their action and open the link they clicked.
  4. Punycode Description Text: This text can be used to describe the Punycode detected in a URL.
  5. Abort Button Text: This button allows the user to cancel their current action and avoid opening the link they clicked.

What is Punycode?

By using Punycode, cybercriminals can imitate the domains of popular websites. Punycode allows characters in a URL to display like regular characters while the computer reads the characters differently. For example, the link your user is clicking may display https://knowbe4.com, but the link may lead to https://xn--80ak6aa92e.com/. For more information, see Wikipedia’s Punycode webpage.
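The check an analyst can run on a reported link, decoding the Punycode label to see what it renders as and comparing the displayed address with the real target. This is an added example, not KnowBe4 code; the function names are hypothetical and the only sample value taken from this page is xn--80ak6aa92e.com.

```python
import unicodedata
from urllib.parse import urlsplit

ACE_PREFIX = "xn--"  # prefix that marks a Punycode-encoded hostname label


def decode_label(label):
    """Return the Unicode form of one hostname label (unchanged if not Punycode)."""
    if not label.startswith(ACE_PREFIX):
        return label
    # Raw Punycode codec on purpose: we want what the label renders as,
    # not IDNA validation, so unusual code points are still shown.
    return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")


def scripts_in(text):
    """Approximate the scripts used in text from the first word of each Unicode name."""
    return {
        "LATIN" if ch.isascii() else unicodedata.name(ch, "UNKNOWN").split()[0]
        for ch in text
        if ch.isalpha()
    }


def inspect_link(display_text, href):
    """Compare what a link shows with where it goes; return findings for review."""
    target = (urlsplit(href).hostname or "").rstrip(".")
    # Display text that is not a full URL (for example "Click here") has no host.
    shown = (urlsplit(display_text).hostname or "").rstrip(".")
    findings = {"target_host": target, "rendered_host": target,
                "punycode": False, "scripts": set(), "warnings": []}
    rendered = []
    for label in target.split("."):
        try:
            text = decode_label(label)
        except UnicodeError:
            findings["warnings"].append(f"label {label!r} is not valid Punycode")
            text = label
        if text != label:
            findings["punycode"] = True
            findings["scripts"] |= scripts_in(text)
        rendered.append(text)
    findings["rendered_host"] = ".".join(rendered)
    if findings["punycode"]:
        findings["warnings"].append(
            f"target uses Punycode and renders as {findings['rendered_host']!r}")
    if len(findings["scripts"]) > 1:
        findings["warnings"].append("decoded label mixes scripts")
    if shown and shown != target:
        findings["warnings"].append(
            f"display text names {shown!r} but the link goes to {target!r}")
    return findings


if __name__ == "__main__":
    # Display text and target from the example in this section.
    for line in inspect_link("https://knowbe4.com", "https://xn--80ak6aa92e.com/")["warnings"]:
        print(line)
```
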

Attachment Prompt Text

In the Attachment Prompt Text section, you can modify the Attachment Description. This text only appears in the Attachment prompt, which appears when you click a link in the attachment.

For more information, see the screenshot and list below:

  1. Message Banner Text: This banner is displayed at the top of the prompt.
  2. Message Prompt Text: This text can remind the user to consider where the link is taking them and to check for signs that it may be dangerous.
  3. Continue Button Text: This button allows the user to move forward with their action and open the link they clicked.
  4. Attachment Description Text: This text can be used to describe the downloaded attachment.
  5. Abort Button Text: This button allows the user to cancel their current action and avoid opening the link they clicked.

URL Unwinding

In the URL Unwinding Prompt section, you can modify the URL Unwinding Description. This description indicates that the link that the user clicked was modified from its original source. This prompt will decode or expand the URL to display the actual URL. The text for this description will only display in the URL Unwinding prompt.

For more information, see the screenshot and list below:

  1. Message Banner Text: This banner is displayed at the top of the prompt.
  2. Message Prompt Text: This text can remind the user to consider where the link is taking them and to check for signs that it may be dangerous.
  3. Continue Button Text: This button allows the user to move forward with their action and open the link they clicked.
  4. URL Unwinding Description Text: This text can be used to introduce the decoded URL.
  5. Abort Button Text: This button allows the user to cancel their current action and avoid opening the link they clicked.

You can decode shortened URLs or rewritten URLs. For more information, see the list below:

  1. Decode Shortened URLs: This setting will unwind URLs that have been shortened through the use of common URL shortening services. For a list of all supported URL rewriters, see the "What URL rewriters and shorteners is PhishER compatible with?" section of our PhishER FAQ article.
  2. Decode Rewritten URLs: This setting will unwind URLs that have been rewritten by your mail or security environment. For a list of all supported URL rewriters, see the "What URL rewriters and shorteners is PhishER compatible with?" section of our PhishER FAQ article.

Additional Prompt Settings

In the Additional Prompt Settings section, you can modify the settings for additional prompts that display for specific types of links. These settings are enabled by default.

For more information about these settings, see the list below:

  • Do Not Prompt on Internal Links: You can use this setting to enable or disable prompts on links that appear to be navigating to your local or internal network and are not routable to another network.
  • Do Not Prompt on KnowBe4 Phishing and Training Links: This setting allows you to enable or disable prompts for KnowBe4's phish domains. When you enable this setting, your users will not see a Second Chance prompt when they click a link in a KnowBe4 simulated phishing email or training notification.
    Note: If you select the Use KnowBe4's 'No Prompt Domains' List check box, your users will not receive prompts when they click links in KnowBe4's simulated phishing and training notification emails.
  • Use KnowBe4's "No Prompt Domains" List: You can use this setting to enable or disable prompts for domains listed in your No Prompt Domain list.
    Note: By default, if you select this check box, prompts for links in KnowBe4 simulated phishing and training notification emails will also be disabled.

No Prompt Domains

From the No Prompt Domains section of the Settings subtab, you can specify URLs that your users won’t receive Second Chance prompts for visiting. From this section, you can see a list of the No Prompt Domains you've already added. If your users visit URLs with a No Prompt Domain, the users will not be prompted by Second Chance.

No Prompt Domains can be websites that your users need to access frequently or websites that you allow your organization to use. You can add up to 1,000 domains.

Note: Adding a website to the No Prompt Domains list also suppresses prompts for all subdomains under the website’s domain. For example, if you added the website knowbe4.com to the list, prompts for the subdomain training.knowbe4.com would be suppressed automatically. If a URL containing a subdomain is added to the list, only URLs that contain both the subdomain and the primary domain will not receive prompts. For example, if you added training.knowbe4.com to the list, prompts will be suppressed only for URLs that contain training.knowbe4.com.

By clicking the blue Import link, you can open up a modal that allows you to enter domains in two different ways. For more information, see the list below:

  1. Individual Import: You can use this method to enter an individual domain to your No Prompt Domains list. Domains must be entered in the proper domain format. For example, you could enter “knowbe4.com”.
  2. CSV Import: You can use this method to import multiple domains by uploading a CSV file. The CSV file you upload must have a Domain heading. In the Domain column, you should add one domain to each cell, line by line.
    Note: Domains in this CSV file must be entered in the proper domain format. If you select the Replace all check box, the domains in your new CSV file will replace all of your current No Prompt Domains.
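A pre-import check for a No Prompt Domains CSV, covering the Domain heading, the 1,000-domain limit, and entries already covered by a parent domain. This is an added example, not KnowBe4 code: the function names and SAMPLE data are constructed, "proper domain format" is assumed to mean a bare hostname, and matching on label boundaries is an assumed reading of the subdomain note above.

```python
import csv
import io
import re

MAX_DOMAINS = 1000  # limit stated in this manual
# Assumed meaning of "proper domain format": a bare hostname such as
# knowbe4.com, with no scheme, path, port, wildcard, or whitespace.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
DOMAIN_RE = re.compile(rf"(?:{LABEL}\.)+{LABEL}")


def covers(entry, host):
    """True if a list entry exempts host: exact match or a subdomain of it.

    Matching on the dot boundary keeps knowbe4.com from covering a
    look-alike such as evilknowbe4.com.
    """
    return host == entry or host.endswith("." + entry)


def check_csv(text):
    """Validate CSV text before import; return accepted domains and review notes."""
    reader = csv.DictReader(io.StringIO(text))
    result = {"accepted": [], "rejected": [], "notes": []}
    if "Domain" not in (reader.fieldnames or []):
        result["notes"].append("missing required 'Domain' heading")
        return result
    seen = set()
    for line_no, row in enumerate(reader, start=2):
        value = (row["Domain"] or "").strip().lower()
        if not DOMAIN_RE.fullmatch(value):
            result["rejected"].append((line_no, value, "not a bare domain"))
        elif value in seen:
            result["rejected"].append((line_no, value, "duplicate"))
        else:
            seen.add(value)
            result["accepted"].append(value)
    # Each entry also silences prompts for its subdomains, so a child entry
    # listed next to its parent adds nothing and is worth a second look.
    for entry in result["accepted"]:
        parents = [p for p in result["accepted"] if p != entry and covers(p, entry)]
        if parents:
            result["notes"].append(f"{entry} is already covered by {parents[0]}")
    if len(result["accepted"]) > MAX_DOMAINS:
        result["notes"].append(
            f"{len(result['accepted'])} domains exceeds the limit of {MAX_DOMAINS}")
    return result


# Constructed sample file contents.
SAMPLE = """Domain
knowbe4.com
training.knowbe4.com
https://example.com/login
*.example.org
Example.NET
example.net
"""

if __name__ == "__main__":
    report = check_csv(SAMPLE)
    for key in ("accepted", "rejected", "notes"):
        print(key, report[key])
```
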

Installation Methods

You can install Second Chance from your KSAT Account Settings, by using a command line, or by using your Group Policy. We recommend that you install Second Chance on an individual computer before deploying it to your entire organization.

For more information about the installation methods, see the subsections below.

Install from KSAT

This method allows any user that has admin permissions to install Second Chance to a local computer.

To install Second Chance by using this method, follow the steps below:

  1. Log in to your KSAT console and click the Second Chance tab.
  2. Click the Overview subtab.
  3. Download the Second Chance Training Device Installer (SecondChanceSetup.exe file).
  4. Open the downloaded SecondChanceSetup.exe file and follow the installation prompts. For more information, see the list below:
    • Accept the Second Chance License Agreement and click Install.
    • Enter your license key.
    • Click Finish to complete the installation.
    • Test the installation by opening a mail client on the computer and clicking a link in an email. You should receive a Second Chance prompt.

If you don’t receive a prompt, see the "8) I'm not receiving Second Chance prompts after installing through Group Policy" question in our Second Chance: Frequently Asked Questions article.

Install with Command Line

This method allows you to install Second Chance on one computer by using a command line.

To install Second Chance by using this method, follow the steps below:

  1. Log in to your KSAT console and click the Second Chance tab.
  2. Click the Overview subtab.
  3. Download and save the Second Chance Training Device Installer (SecondChanceSetup.exe file) located on the Overview tab.
  4. Open an elevated Command Prompt window by running Command Prompt as an administrator.
  5. In the Command Prompt window, navigate to the folder where you saved the Second Chance Training Device Installer.
  6. Enter the command below:
    SecondChanceSetup.exe /q /ComponentArgs "MainInstaller":"LICENSEKEY=""[license key]"""

    Alternatively, you can install Second Chance with a proxy server by entering the command below:

    SecondChanceSetup.exe /q /ComponentArgs "MainInstaller":"LICENSEKEY=""[license key]"" PROXYSERVER=""[hostname:port]"""
    Note: Before you run the command, replace “[hostname:port]” with the hostname or IP address and the TCP port of the HTTPS proxy server. Also, replace “[license key]” with your Second Chance license key. Do not remove any of the quotation marks.
  7. Press the Enter key on your keyboard.
  8. Test the installation by opening a mail client on the computer and clicking a link in an email. You should receive a Second Chance prompt.
  9. Click on a link within an email and make sure you're receiving Second Chance prompts.

If you don’t receive a prompt, see the "8) I'm not receiving Second Chance prompts after installing through Group Policy" question in our Second Chance: Frequently Asked Questions article.

Install with Group Policy

This method allows you to deploy Second Chance to specific organizational units (OUs) or your entire organization using Group Policy (GPO).

Important: We recommend that you test this method on an individual computer before deploying Second Chance to your entire domain. To test this method, you'll need to create and link your GPO to a test OU. This OU should contain the computer that you would like to test Second Chance on.

To install Second Chance to your entire domain, follow the steps below:

  1. Log in to your server as an administrator.
  2. Create a shared folder on your domain's network.
  3. Right-click the folder and open Properties.
  4. Follow the steps on the Security tab to add domain computers with Read permissions.
  5. Make sure you have Write permissions on the folder and that SYSTEM has Read & Execute permissions.
  6. Download and save the Second Chance Installer (SecondChanceSetup.exe file) to your shared folder.
  7. Create a .bat file in the shared folder by using the following lines:
    Note: Edit the fields below to match the location of the shared drive where you saved the SecondChanceSetup.exe installation file as well as your license key. Before you run the command, replace “[hostname:port]” with the hostname or IP address and the TCP port of the HTTPS proxy server. Also, replace “[license key]” with your Second Chance license key. Do not remove any of the quotation marks.
    copy /B /Y "\\NetworkPath\Name of Shared Folder\SecondChanceSetup.exe" "%TEMP%\SecondChanceSetup.exe"
    "%TEMP%\SecondChanceSetup.exe" /q /ComponentArgs "MainInstaller":"LICENSEKEY=""[license key]"""

    Alternatively, if you have a proxy server filtering outbound traffic, you can specify the proxy server within the .bat file using the following lines:

    copy /B /Y "\\NetworkPath\Name of Shared Folder\SecondChanceSetup.exe" "%TEMP%\SecondChanceSetup.exe"
    "%TEMP%\SecondChanceSetup.exe" /q /ComponentArgs "MainInstaller":"LICENSEKEY=""[license key]"" PROXYSERVER=""[hostname:port]"""
    Note: Second Chance is proxy-aware and will try to connect to the internet with the proxy server specified above for the local user's account. If your proxy is configured in a way that Second Chance cannot automatically detect, you can manually specify the proxy server Second Chance will use to connect to the internet during installation.
  8. Save the .bat file in the shared folder you created. The shared folder should now contain the .exe file and the .bat file.
  9. Create a Group Policy by following the steps below:
    1. Open the Group Policy Management Tool (gpmc.msc).
    2. Click the Forest and Domains drop-down menu and then right-click your domain. For example, your domain could be “Domain.local” or “Domain.com”.
    3. Click Create a GPO in this domain, and Link it here….
    4. Follow the options on the screen to name your GPO and click OK.
    5. Right-click your new GPO and select Edit….
    6. From the Edit… drop-down menu, select Computer Configuration -> Policies -> Windows Settings.
    7. Click Scripts.
    8. Double-click Startup Scripts.
    9. On the Script tab, click Add... to open the Add a Script window.
    10. Click OK to close the Startup Properties screen.
    11. Click Browse... and select the .bat file that you created.
    12. Click Open.
    13. Click OK to save the new startup script.
    14. Click OK to close the Startup Properties screen.
    15. Close the Group Policy Management Editor. On the Group Policy Management screen, right-click your new GPO and make sure the Link Enabled check box is selected. Your GPO should now be active.
  10. Test the installation by opening a mail client on the computer and clicking a link in an email. You should receive a Second Chance prompt.

As long as the GPO is active, the .bat file will be run each time a computer that is included in the GPO starts.

If you don’t receive a prompt, see the "8) I'm not receiving Second Chance prompts after installing through Group Policy" question in our Second Chance: Frequently Asked Questions article.

User Experience

For information about the user experience for Second Chance, see our Second Chance Overview article or our How Second Chance Works video.

Data and Reports

On the Overview subtab, you can view an overview of user actions over the last 24 hours and since installation. You can also click the Download CSV button to download a CSV file that lists the users who have Second Chance installed on their computers.

The CSV file will download to the folder or location where the Second Chance Training Device Installer file is stored.

The Overview tab also contains two User Action graphs. From these graphs, you can see the User Action Percentages within the last 24 hours or 30 days.

On the URLs, Users, and Devices subtabs, you can view the specific users and devices where Second Chance prompts have occurred.

URLs

From the URLs subtab, you can see the URLs that users have clicked and been alerted by. You can filter the data by the past day, past seven days, past 30 days, or all URLs. You can also sort the URLs alphabetically, by the number of times users have opened a link, and by the last time a user opened a link.

You can also click each of the URLs to view more information about the URL, including all users who were prompted after clicking that URL, the computers they were using, and the action they took after being prompted.

You can also search for specific URLs with the search bar at the top of the subtab.

Users

From the Users subtab, you can view the users that have been prompted by Second Chance, the last computer they were prompted on, the number of actions they’ve taken after being prompted, and the last action date. You can also search for specific users by using the search bar.

Selecting the name of a user will take you to that user’s individual report page, where you can see a list of the URLs that caused a Second Chance prompt to display. For each URL, you can see what action was taken by the user, when they took that action, and what computer the prompt occurred on. You can also select a listed computer to see what other prompts have occurred on the computer.

Devices

From the Devices subtab, you can view information about the computers that have received Second Chance prompts, such as the last user that was prompted on each computer and the version of Second Chance that is installed on each computer.

Selecting a computer will take you to the computer's report page, where you can see a list of all URLs that triggered a Second Chance prompt on that computer. For each URL, you can see the action that the users took after the prompt occurred. You can also click the listed computer to see the other prompts that have occurred on that computer.

You can also select a user from the Devices list to see the user's individual report page, showing the prompts they've received and actions they've taken.

You can also search for specific computers with Search.

Uninstallation

You can uninstall Second Chance from the Control Panel, by using a command line, or by using your Group Policy. For more information, see the list below:

  1. Control Panel Uninstall: Open your Control Panel and navigate to the Add/Remove Programs section to uninstall Second Chance. Then, repeat these steps on each computer that has Second Chance.
  2. Command-line Uninstall: Open a Command Prompt as an administrator and enter the command below:
    MsiExec.exe /X{DBEE0453-2CC5-4ECC-905A-0E5EF970B668} /qn /L*v %TEMP%\scuninstalllog.txt
  3. Group Policy Uninstall: Edit the original .bat file that you used to set up the installation with Group Policy. Replace the content in the file with the line below:
    MsiExec.exe /X{DBEE0453-2CC5-4ECC-905A-0E5EF970B668} /qn /L*v %TEMP%\scuninstalllog.txt
Note: If you're not seeing Second Chance prompts, see the "8) I'm not receiving Second Chance prompts after installing through Group Policy" question in our Second Chance: Frequently Asked Questions article.

Troubleshooting

If you receive errors in Second Chance, see our Second Chance: Frequently Asked Questions article for the troubleshooting steps that we recommend.

If you continue to receive errors, you can send a folder that contains troubleshooting files to our support team.

For more information, see the subsection below.

Enable Troubleshooting File for Support

To copy a troubleshooting file to send to our support team, follow the steps below:

  1. Open your Second Chance installation folder.
  2. Double-click the support_enable_logging.bat file.
  3. In the pop-up window that opens, click Yes to allow the Troubleshooter app to make changes to your device.
    Note: This step enables verbose debug logging, which prompts your computer to thoroughly record the events that happen as Second Chance runs.
  4. When the Command Prompt window displays the Press any key to continue... message, press a key on your keyboard.
  5. Perform the action that caused the error to appear before you enabled verbose debug logging.
  6. When the error message appears again, write down the time and date. The time that the error occurs may help our support team troubleshoot the problem.
  7. Open your Second Chance installation folder again.
  8. Double-click the support_collect_logs.bat file.
  9. In the pop-up window that opens, click Yes to allow the Troubleshooter app to make changes to your device. Two Command Prompt windows will open and begin collecting logs, and a System Information window will open and display a progress bar.
  10. When the Command Prompt window displays the Press any key to continue... message, press a key on your keyboard.
  11. In your Second Chance installation folder, a new directory named TroubleshooterReport will be created. Compress this directory as a zipped file.
  12. Send the TroubleshooterReport zipped file to our support team.
Note: Verbose debug logging will automatically be disabled after three days.
