Microsoft Report Message
My organization is utilizing the Report Message button for quite some time with its automated investigation response.
Are there any other people out there that are using knowbe4 like this and are showing false positives on clicks?
We are very hesitant in changing out the button for knowbe4's since our users are finally starting to become comfortable with it and we would lose out with the investigation piece.
-
Virallinen kommentti
Hi All,
Thank you for your comments and posts regarding this issue! This is something we commonly assist our customers with in the technical support department. To receive technical assistance, please submit requests to https://support.knowbe4.com/hc/en-us/requests/new and a Technical Support Agent will be able to assist you!
At this time, Microsoft's report as phishing button does not connect well with the KMSAT console and does create false positives. This is because Microsoft will sandbox and detonate any "malicious" content when scanning emails that have been reported. At this time, we do recommend not using that button as it will create False-Positives, and we suggest using the Phish Alert Button instead. For more information on the PAB, please see https://support.knowbe4.com/hc/en-us/articles/208969608-Phish-Alert-Button-PAB-Product-Manual.
Thank you for reaching out and we hope to assist you soon!
Thank you,
Kommenttitoiminnot -
I believe you would need to tell Microsoft to find a way to not scan the individualized links in emails with KnowBe4 headers in them...which, unfortunately, I do not believe there is any functionality admin-wise to do this as it's all on Microsoft's end what they do after that button is clicked.
Those "Scans" by Microsoft are done all over the world with various browser agents and the links are "opened" which registers a click.
You can Automate reporting back with the KnowBe4 button with PhishER, we went down that road and only occasionally get an issue with some Microsoft Safelinks rewrites and Forwarded emails but we have stopped that practice with most people. I realize that's extra cost to a free tool, but we found it invaluable.
-
We are struggling with the same issue. We recently dropped PhishER and have migrated to Microsoft's Report Message functionality (from PAB) because of its robust automated investigation response. Safe Links does not come into play for simulated messages because KnowBe4 is set up to direct inject messages into user mailboxes. Yet, Microsoft is exploding the reported message in a manner that is causing false positive clicks. I have yet to find a way to "whitelist" the domains--seems like it's out of our control.
I see that there is a feature request for PAB to report to Microsoft, but it doesn't look like there has been movement on it for over two years. I'm not holding my breath. I'm also not keen on switching our user base back to the PAB.
Kirjaudu sisään jättääksesi kommentin.
Kommentit
3 kommenttia