Google

Share

Is this article helpful?

Last updated:

Whitelist by Google Safebrowsing in Google Chrome

Important:Whitelisting by Safe Browsing requires our root Phish Link Domains and Landing Domains. You can access our root Phish Link Domains in your KSAT console, but you must contact KnowBe4 support for an updated list of our Landing Domains. See our What's the Difference Between Phish Link Domains and Landing Domains article for more information.

Domains that are used in our phishing security tests (PSTs) are occasionally flagged by Google Safe Browsing lists, which classify them as malicious, social engineering, phishing, or deceptive login pages. KnowBe4 continuously works to remove these domains from Safe Browsing lists. However, once a domain has been placed on these lists, a warning banner could appear when the link is clicked. The banner may prevent a user from navigating to phishing links or landing pages when they fail a phishing test.

Implementing a Safe Browsing whitelist that includes our phish link domains and landing domains will make sure your users are not presented with warning messages and will allow clicks to report successfully. The Safe Browsing whitelist can be applied across multiple platforms for the Chrome browser, including Windows, macOS, and Chrome-based operating systems.

Requirements for Safe Browsing Whitelisting

These system requirements were obtained from Google Enterprise’s official documentation. For more information, see Google’s Safe Browsing Allowlist Domains article.

For Windows, this functionality is available on the following instances:

  • Instances that are joined to a Microsoft® Active Directory® domain.
  • Instances running on Windows 10 Pro.
  • Instances that are enrolled in Chrome Browser Cloud Management.

For macOS, this functionality is available on the following instances:

  • Instances that are managed via MDM.
  • Instances that are joined to a domain via MCX.

Safe Browsing Whitelisting for Windows

When whitelisting with Safe Browsing on Windows, you will need to use a Group Policy Object (GPO). To apply a bypass on Windows, you will need to implement policy via a GPO for Chrome. See below for instructions on how to apply a bypass.

  1. Download the Chrome ADMX templates. To access these templates, see Google’s Set Chrome Browser policies on managed PCs article and navigate to the Windows section.
  2. Install the ADMX templates on the domain controller. The ADMX templates will then be available to assign via GPO.
  3. Within the GPO Editor, navigate to Computer ConfigurationAdministrative TemplatesGoogleGoogle ChromeSafe Browsing SettingsConfigure the list of domains on which Safe Browsing will not trigger warnings.
  4. Within the setting configuration, select Enabled. Then, select Show to see the list for configuration.
  5. Add the root domains of the phish link and landing domains that are used in your PSTs. Domains are listed using the syntax: example.com
  6. Click OK, then click Apply.
  7. Click OK again.

Once you restart your Chrome browser, navigate to Chrome://Policy to verify the policy was installed successfully.

Safe Browsing Whitelisting for macOS

To push the whitelisting policy on macOS, you will need to edit any existing Google Chrome .plist files that are pushed to your machines. The edited .plist files will need the entries listed in Step 2 below. A new policy can also be created to push via MDM solutions. See below for instructions on both of these procedures.

  1. Create a .plist file and open it in the editor of your choice. You can use the sample file attached here: Sample File
  2. Edit the entries in the .plist file to list the Phish Link Domains and Landing Domains that are used in your PSTs. Each root domain is a <string> entry in the <array>, which is listed under the <key>Safe BrowsingAllowlistDomains</key> entry.
  3. Save the .plist file and use a converter, such as mcxToProfile, to convert this file into a system policy.
  4. Deploy the policy to the machine via MDM.

Once you restart your Chrome browser, navigate to Chrome://Policy to verify the policy was installed successfully.

Safe Browsing Whitelisting for Chrome Profile

To push the whitelisting policy on machines managed by Chrome, or Chrome-based devices, you will need to edit the following settings in your Google administrator console:

  1. Open your Google Admin portal.
  2. Navigate to DevicesChromeSettingsUsers & browsersSafe browsing allowed domains.
  3. Enter the root domains of the Phish Link Domains and Landing Domains that are used in your PSTs. Please enter one domain per line.
  4. Click Save.

Navigate to Chrome://Policy to verify the policy was installed successfully. This policy is locally applied to the browser or machine depending on your existing Chrome management configuration.

For further assistance with this feature, please contact our support team and they will be happy to help.

Was this article helpful?

6 out of 6 found this helpful

Can't find what you're looking for?

Contact Support