Mark Phishing Failures as False Positive

Completed

Keith Bull

October 13, 2017 12:32

 Hello,

It is not uncommon for our users to forward simulated phishing emails to our tech staff team to evaluate before they open or click. Sometimes our tech team doesn't realize that it is a KnowBe4 test and will run the email or attachment through VirusTotal.com, or a similar service, which "opens" the attachment and marks the user as failed.

To me this is not a true failure and I would love to be able to mark these as such so they don't report negatively against the user and the organization.

Thank you,

Keith Bull

5

• Official comment

  

  Lauren Ashley October 13, 2017 18:20

  Hi Keith,

  Thank you for your input.  I noticed that you created a support ticket and our Support Team has submitted a feature request on your behalf.  Feel free to share any other feedback here if you'd like!

  Thanks again!

  Lauren
  KnowBe4

  Comment actions Permalink
• 

  Jason Smith November 28, 2017 15:30

  I have a scenario very similar to the one Keith has described. As an administrator, I would like to have a method to amend individual fails without compromising the integrity of the product.

  2

  Comment actions Permalink
• 

  Katie Brennan November 29, 2017 16:50

  Hi Jason,

  Thank you for your message. I will add to the initial request sent in for Keith that you'd also like to see a way to amend false positives in your KnowBe4 console.

  Thank you!

  Katie
  KnowBe4

  0

  Comment actions Permalink
• 

  Scott Langley December 07, 2017 20:35

  Please also add me to the feature request.  We are running our first phishing campaign and have notice that if the user forwards the email to the "offending" company's security or abuse email addresses, many larger companies will automatically send these emails through detection systems that open and scan the email, links, and attachments.

  A way to not penalize a user for doing the right thing is really needed.

  2

  Comment actions Permalink
• 

  Lauren Ashley December 11, 2017 16:41

  Hi Scott,

  Thank you for your request. I have forwarded this additional request to our Development Team, informing them of your desire to be able to amend false positives in the console, for situations such as yours.

  Thank you!

  Lauren
  KnowBe4

  0

  Comment actions Permalink
• 

  Kyle Parrish December 12, 2017 13:37

  Good morning,

  I would like to +1 this request as we have had multiple false/positive clicks that we would like to be able to correct. This is usually a result of the security team checking the links and as a result the original recipients will be tagged as a "clicker."

  Thank you.

  1

  Comment actions Permalink
• 

  Lauren Ashley December 12, 2017 16:30

  Hi Kyle,

  I have submitted your additional request to our Development Team for review. Thank you for your contribution!

  Best,

  Lauren
  KnowBe4

  0

  Comment actions Permalink
• 

  Alan Lloyd February 28, 2018 00:25

  Please add me to this feature request. I would like to be able to amend individual failures as false-positives.

  1

  Comment actions Permalink
• 

  Harvie Rollins March 06, 2018 13:28

  +1 here as well as the all the above users. 

  We have to keep a record of accurate test campaigns "offline" due to not having the ability to mark a test failure as a false positive or exception. 

  As someone mentioned even if KB4 test mails are set to bypass a customers mail security solutions, there are then lots of scenarios after delivery to the end users mailbox where a false positive click/attachment download/etc can be triggered.  Another example is users reporting it as phishing to Microsoft (Office 365).

  1

  Comment actions Permalink
• 

  Laura Howey March 14, 2018 16:21

  I really need this feature as well. When is it planned for release?

  0

  Comment actions Permalink
• 

  Lauren Ashley March 15, 2018 14:59

  Hi Laura!

  Thank you for your interest in this feature request! Unfortunately, I cannot provide a planned date for the release of this feature, but I'll be sure to let our Development Team know that you are highly interested the capability to remove false clicks.

  In the meantime, feel free to start a support ticket here if you want to make certain all whitelisting efforts have been properly implemented –in efforts to prevent false clicks on your phishing campaigns.

  If you have any other ideas feel free to share!

  Thanks again!

  Lauren
  KnowBe4

  0

  Comment actions Permalink
• 

  Harvie Rollins July 09, 2018 08:32

  Lauren,

   

  Any update from the Dev Team on this, its been 4 months since your last post, an update for the KB4 Community on this would be good?

  Thanks in advance.

  0

  Comment actions Permalink
• 

  Natalie Koly July 09, 2018 14:11 (Edited July 09, 2018 14:13)

  Hi all,

  We are happy to announce that the ability to remove failures is now available in the console! You can now remove a failure using one of two methods:

  Method #1 - From the Phishing Campaign Report
  Method #2 - From the Affected User's Timeline on Their Profile Page

  Visit the link below for more information:

  https://support.knowbe4.com/hc/en-us/articles/360001214287-How-to-Remove-Failures-from-Phishing-Reports

  2

  Comment actions Permalink

Please sign in to leave a comment.