Outlook PAB (Client)

Share

Is this article helpful?

Last updated:

Microsoft Outlook (EXE Version) Phish Alert Button (PAB) Product Manual

The Phish Alert Button (PAB) for Microsoft Outlook (PAB for Outlook) is an add-in for the Windows version of Microsoft Outlook that allows users to report suspicious emails with a single click. When your users click the PAB, they can help warn your IT team about potential phishing attacks or malicious messages.

Tip:If you have a paid account and use our phishing features, the PAB will also track if your users report our simulated phishing emails. You can see which users are successfully identifying potentially malicious emails.

For information about downloading the PAB for Microsoft Outlook from your KSAT Account Settings, see our Phish Alert Button (PAB) Product Manual.

Installation Prerequisites

In order to install the PAB for Outlook, you will need to download the PhishAlertButtonSetup.exe file and have your License Key available. This information can be found in your KSAT Account Settings under Account Integrations > Phish Alert. For more information about locating the EXE file and License Key, see the Enable and Configure PAB section of our Phish Alert Button Product Manual.

You will also need to have administrative permissions on the computer you use to install the PAB for Microsoft Outlook. The computer you use must meet the following requirements:

  • Uses Windows 10 or later.
  • Uses classic Microsoft Outlook 2021 or later.
  • Uses .NET Framework version 4.7.2 or later.
  • Port 443 TCP (HTTPS) is open outbound for HTTPS connections to training.knowbe4.com, eu.knowbe4.com, ca.knowbe4.com, de.knowbe4.com, or uk.knowbe4.com, depending on your KSAT instance. Port 443 TCP (HTTPS) is also open outbound for HTTPS connections to api.updates.knowbe4.com.
  • Has at least two GB of RAM.
  • Has at least one GB of hard disk drive (HDD) space available on the system drive.
  • Has User Account Control (UAC) enabled.
Important:The new Microsoft Outlook for Windows does not support the PAB for Outlook add-in. For more information about the new Outlook for Windows, see Microsoft's Getting started with the new Outlook for Windows Getting started with the new Outlook for Windows (link opens in new window) article. To use the PAB with the classic Microsoft Outlook for Windows, you can turn off the New Outlook toggle button in the toolbar at the top of your Outlook page. For more information about switching from the new Outlook to classic Outlook, see Microsoft's Toggling out of the new Outlook for Windows preview Toggling out of the new Outlook for Windows preview (link opens in new window). To use the PAB with the new Microsoft Outlook, you must install the Hybrid PAB. For more information about the Hybrid PAB, see our Hybrid Phish Alert Button (PAB) Product Manual.

Installation Methods

You can download the installer kit from your KSAT Account Settings.

You can use three different methods to install the EXE PAB. You can install the EXE PAB either by using the setup wizard, command line, or Group Policy. To learn more about the different installation methods and to choose the best method for your organization, see the subsections below.

Note:We recommend that you inform your users about the PAB before you make it accessible. To learn about informing your users, see our Best Practices: Phish Alert Button (PAB) Implementation article. You can also send our Phish Alert Button (PAB) in Microsoft Outlook Guide article to your users.

Install from the Setup Wizard

The standard installation method allows any user with administrator permissions to install the EXE PAB. This method will install the EXE PAB on the computer that you’re using for the installation.

Note:Before you begin this installation, remember to download the PhishAlertButtonSetup.exe file and locate your License Key in your KSAT Account Settings.

To begin this installation, follow the steps below:

  1. Double-click the downloaded PhishAlertButtonSetup.exe file to open the setup wizard.

  2. Follow the wizard by pressing the Next or Install buttons, as prompted.

  3. In the KnowBe4 Phish Alert Button window, enter the License Key from your KSAT Account Settings.

    Installer License Key

  4. Click the OK button.

Install with Command Line

The command-line installation method allows you to install the PAB for Outlook on the computer that you’re using for the installation.

To install the PAB for Outlook with this method, run Command Prompt as an administrator and copy and paste the following command:

PhishAlertButtonSetup.exe /q /ComponentArgs "MainInstaller":"LICENSEKEY=""[license_key]"""

Here is an example of what it will look like once the license key is added:

PhishAlertButtonSetup.exe /q /ComponentArgs "MainInstaller":"LICENSEKEY=""US123456789123456789123456789123YZ"""
Important:Replace [license_key] with your license key. You can find your license key in your KSAT Account Settings. Do not remove any of the quotation marks.

Alternatively, if your computer uses an HTTPS proxy server to connect to the internet, you need to specify this HTTPS proxy server. To use this method, copy and paste the following command:

PhishAlertButtonSetup.exe /q /ComponentArgs "MainInstaller":"LICENSEKEY=""[license_key]"" PROXYSERVER=""[hostname:port]"""

Here is an example of what it will look like once the license key and hostname:port are added:

PhishAlertButtonSetup.exe /q /ComponentArgs "MainInstaller":"LICENSEKEY=""US123456789123456789123456789123YZ"" PROXYSERVER=""192.168.0.1:808"""
Note:Replace [hostname:port] with your HTTPS proxy server's hostname and port, and replace [license_key] with your license key. Do not remove any of the quotation marks. You can find your license key in your KSAT Account Settings.

Install with Group Policy

The Group Policy installation method allows you to install and deploy the PAB for Outlook organization-wide.

Tip:We recommend deploying the PAB for Outlook to one computer before deploying it to the whole organization.

To begin the installation, follow the steps below:

  1. Create a shared folder on a server. For example, \\server\deploy.
  2. Right-click the shared folder and select Properties.

  3. Under the Security tab, add Domain Computers with Read permissions.

    Note:Make sure you have Write permissions to the folder and that SYSTEM has Read & Execute permissions.
  4. Copy the file PhishAlertButtonSetup.exe file into this folder.
  5. Create a batch file named phishalert.bat in the \\server\deploy directory.

  6. Make sure the file contains the following lines:

    copy \\server\deploy\PhishAlertButtonSetup.exe "%TEMP%\PhishAlertButtonSetup.exe"

"%TEMP%\PhishAlertButtonSetup.exe" /q /ComponentArgs "MainInstaller":"LICENSEKEY=""[license_key]"""

    Here is an example of what it will look like once the license key is added:

    copy \\server\deploy\PhishAlertButtonSetup.exe "%TEMP%\PhishAlertButtonSetup.exe"

"%TEMP%\PhishAlertButtonSetup.exe" /q /ComponentArgs "MainInstaller":"LICENSEKEY=""US123456789123456789123456789123YZ"""
    Tip:If you have an HTTPS proxy server, you can specify the HTTPS proxy server within the .bat file by entering the following lines:
    copy \\server\deploy\PhishAlertButtonSetup.exe "%TEMP%\PhishAlertButtonSetup.exe"

"%TEMP%\PhishAlertButtonSetup.exe" /q /ComponentArgs "MainInstaller":"LICENSEKEY=""[license_key]"" PROXYSERVER=""[hostname:port]"""

    Here is an example of what it will look like once the license key and hostname:port are added:

    copy \\server\deploy\PhishAlertButtonSetup.exe "%TEMP%\PhishAlertButtonSetup.exe"

"%TEMP%\PhishAlertButtonSetup.exe" /q /ComponentArgs "MainInstaller":"LICENSEKEY=""US123456789123456789123456789123YZ"" PROXYSERVER=""192.168.0.1:808"""
    Note:Use this PROXYSERVER switch during installation to manually specify the HTTPS proxy server PAB for Outlook will use to connect to the internet.
  7. Save the .bat file in the shared folder you created. The shared folder should now contain the .exe file and the .bat file.
  8. Create a Group Policy. To create a Group Policy, follow the steps below:
    1. Open the Group Policy Management Tool (gpmc.msc).

    2. Click the Forest and Domains drop-down menu and then right-click your domain.

      Note:These steps will deploy the PAB for Outlook to your whole domain. Before deploying to your entire organization, we recommend testing this Group Policy on a single test organizational unit (OU). To complete this test, you can use a test computer within the test OU. Testing will allow you to ensure that PAB for Outlook is deployed properly.
    3. Click Create a GPO in this domain, and Link it here....
    4. Follow the options on the screen to name your GPO and click OK.
    5. Right-click your new GPO and select Edit...
    6. From the Edit... drop-down menu, select Computer Configuration > Policies > Windows Settings.
    7. Click Scripts (Startup/Shutdown).
    8. Double-click Startup.
    9. On the Startup tab, click Add... to open the Add a Script window.
    10. Click Browse..., locate the shared folder, and select the .bat file that you created.
    11. Click Open.
    12. Click OK to save the new startup script.
    13. Click OK to close the Startup Properties screen.
    14. Close the Group Policy Management Editor.
    15. On the Group Policy Management screen, right-click your new GPO and ensure there is a checkmark next to Link Enabled. Your GPO should now be active.
Note:Each time a computer that is subject to the GPO starts, the .bat file will run.

To verify that the PAB for Outlook installed successfully, open Outlook on a computer where the PAB for Outlook should be installed. If the installation was successful, you should see the Phish Alert button on the Home tab of the Outlook toolbar. For more information, see the User Experience section of this article.

Note:If you do not see the Phish Alert button, or if you would like to confirm that your group policy was created, read the Troubleshoot Installation with Group Policy section of this article.

Install to Shared Mailboxes

If you’ve already installed the EXE version of the PAB for Outlook to your organization with group policy, it will automatically be deployed to your shared mailboxes. For more information, read the Install with Group Policy section of this article.

Uninstallation

To remove the PAB for Outlook, you can uninstall the program from the Control Panel, use a command line, or use your Group Policy. For more information, see the list below:

  1. Control Panel Uninstall: On each computer where the PAB for Outlook is installed, access your Control Panel's Add/Remove Programs area to uninstall the KnowBe4 Phish Alert Button.

  2. Command-line Uninstall: Open a Command Prompt as an administrator and enter the following command:

    MsiExec.exe /X{F4410196-6904-4B3D-B8BC-D92EB60C9431} /qn /L*v "%TEMP%\poeuninstalllog.txt"
  3. Group Policy Uninstall: Edit the original .bat file that you used to set up the installation with Group Policy. Replace the content in the file with the uninstall command line shown above.

User Experience

Once installed, the PAB for Outlook will add the Phish Alert button to the Outlook Home tab.

If users right-click an email from the Inbox folder, the Phish Alert option will also be available in the context menu.

Phish Alert option when you right-click email in Outlook

A user can report any email as a phishing email. Once reported, the user will see one of the confirmation messages below:

  1. If the email was a simulated phishing email from us, a pop-up confirmation message will display to tell the user that they correctly identified a simulated phishing attack. This will be reflected in your KSAT console as a reported email.

  2. If the email was not a simulated phishing email, a pop-up confirmation will display to thank the user for reporting the email. Then, the reported email will be forwarded to the email addresses set in your Account Settings and attached as an EML file for analysis. You can also choose to have a copy of the email forwarded to us for research and analytic purposes. We encourage you to enable this option. For more information, see the Enable and Configure PAB section of our Phish Alert Button (PAB) Product Manual.

The reported email will be in the user's Sent Items folder as a forwarded message and deleted from the user's Inbox. If the user incorrectly reported the email, they can retrieve it from their Deleted items and Trash folders.

Note: The PAB uses Campaign Recipient ID (CRID) validation to detect whether or not an email that is marked with a CRID header is a simulated phishing email. If a message has a valid CRID and is reported for the first time (within the past hour) from the same account where the PAB was installed, it will be treated as simulated. A simulated message will be deleted and only shown as reported in the console instead of forwarded to PhishER.

Using the PAB EXE With the PAB Web Add-In

If your organization deploys both the PAB EXE and either the Hybrid PAB or the Microsoft Ribbon PAB to the same Outlook client, Classic Outlook for Windows automatically hides the web add-in's Report Phishing button when the PAB EXE is installed and connected at startup. Users see only one button, regardless of which PAB versions are deployed to their machine.

When the PAB EXE is uninstalled, the web add-in button reappears automatically the next time the user restarts Microsoft Outlook.

Supported Environments

This behavior applies to Classic Outlook for Windows, version 2102 or later, with one of the following Microsoft Exchange backends:

  • Exchange Online
  • Exchange Server 2019 Cumulative Update 10 or later
  • Exchange Server 2016 Cumulative Update 21 or later

Note: The duplicate-button suppression doesn't apply to Classic Outlook for Windows earlier than version 2102. Users on earlier versions may see multiple buttons.

Workaround for Unsupported Environments

If your organization includes users on unsupported platforms, we recommend segmenting your PAB deployment by Microsoft Outlook version. Deploy the PAB EXE to users on supported versions of Classic Outlook for Windows, and deploy the PAB Web Add-in to users on unsupported platforms.

Troubleshooting

If you installed and deployed the PAB for Outlook and the Phish Alert button is not available, or if you receive an error message, follow the recommended troubleshooting steps.

Troubleshoot Installation with Group Policy

If you installed the PAB for Outlook by using the Group Policy method and do not see the Phish Alert button, follow the steps below:

  1. Check your Add/Remove Programs list for the KnowBe4 Phish Alert Button. If you don't see this button, attempt to follow the Command Prompt instructions in step three below. If you see KnowBe4 Phish Alert Button on this list, continue to the next step.
  2. Open the Services application, services.msc, and check to see if the KnowBe4 Phish Alert Button OpManager Service (poeopmanager) service is running. If not, start the service or restart the computer.
  3. Open an elevated Command Prompt window on the computer you’re attempting to install the PAB for Outlook on. To confirm that your group policy was created and applied, enter the commands listed below:
    • gpupdate /force: This command will force a Group Policy update on the computer you're logged in to.
    • gpresult /r: This entry will let you review whether or not the Group Policy you set up is being applied to the computer you're logged in to.
  4. Make sure you're using a UNC file path with your GPO installation. For example, a UNC file path could be “\\Server\Volume\File”.
  5. Restart the computer.

Enable Troubleshooting File for Support

If you followed the recommended troubleshooting steps and still receive an error, you can send a folder that contains troubleshooting files to our support team. To obtain the troubleshooting file, follow the steps below:

  1. Open your PAB for Outlook installation folder.
  2. Double-click the support_enable_logging.bat file.

  3. In the pop-up window that opens, click Yes to allow the Troubleshooter app to make changes to your device.

    Note:This step enables verbose debug logging, which prompts your computer to thoroughly record the events that happen as the PAB for Outlook client runs.
  4. When the Command Prompt window displays the Press any key to continue... message, press a key on your keyboard.
  5. Perform the action that caused the error to appear before you enabled verbose debug logging.
  6. When the error message appears again, write down the time and date. The time that the error occurs may help our support team troubleshoot the problem.
  7. Open your PAB for Outlook installation folder again.
  8. Double-click the support_collect_logs.bat file.
  9. In the pop-up window that opens, click Yes to allow the Troubleshooter app to make changes to your device. Two Command Prompt windows will open and begin collecting logs, and a System Information window will open and display a progress bar.
  10. When the Command Prompt window displays the Press any key to continue... message, press a key on your keyboard.
  11. In your PAB for Outlook installation folder, a new directory named TroubleshooterReport will be created. Compress this directory as a zipped file.
  12. Send the TroubleshooterReport zipped file to our support team support team (link opens in new window).
Note:Verbose debug logging will automatically be disabled after three days.

Was this article helpful?

6 out of 9 found this helpful

Can't find what you're looking for?

Contact Support