How can I see if my users have vulnerable browser plugins installed?
Within your console, you can automatically detect what vulnerable plugins any clickers on your phishing tests have installed in their browsers. This feature is enabled as part of our Platinum subscription level.
How does it work?
Information about vulnerable plugins your users have installed on their browsers is gathered automatically during a phishing campaign. After you set up a phishing campaign, once a user fails your test and arrives to a landing page, our landing page will gather information on what plugins are installed on that user's browser. We look at the results and compare them to a database of known vulnerable plugins.
Where can I see the list of vulnerable plugins my users have?
Any browser plugins found to be vulnerable will be provided in the results of your phishing test. Beneath an individual phishing campaign, you can click on the Users tab to drill down into the detailed results of that test. The tab titled Vulnerable Plugins will show how many users were found to have vulnerable browser plugins installed.
Clicking on the red plug icon beneath the Vulnerable Plugins tab will provide admins a detailed list of what vulnerable plugins a user has installed. This view will also provide a link to any additional information we can provide about that vulnerable plugin.
The detailed reports will also show additional information about other plugins detected in that user's browser, including potentially vulnerable plugins, unknown plugins, or plugins updated to the latest known version.
From the All Users tab beneath Users, you can click on any individual user's email address to review their browser vulnerabilities as well. Once you are within an individual user's reports page, you will be able to see a red plug icon if any browser vulnerabilities were detected when they failed your phishing test. Clicking on the red plug icon will allow you to view a list of vulnerable or potentially vulnerable browser plugins detected for that user.
What if I don't see any vulnerable plugins listed despite my phishing test having lots of clickers?
The vulnerable browser plugin information provided is not a 100% audit of your users' browser vulnerabilities. There may be instances where no vulnerable plugins are detected despite having plenty of clicks on a phishing campaign. For example, if a user has the plugins turned off, or if they are using a different browser which does not appear to have vulnerable browser plugins installed.
NOTE: This feature is part of the Platinum subscription level.