If you're using ESET Endpoint Antivirus with Web Access Protection enabled, you may experience issues with ESET either blocking our simulated phishing websites from loading or blocking our JavaScript functions within the page from executing. If JavaScript is disabled, it will interfere with interaction tracking and prevent redirection to our education page when an employee is deemed to be compromised (e.g., inputs data into the password field).
To get around these issues, please follow the below allowlisting steps:
- Open the ESET Endpoint Antivirus Administration Console.
- Go to Advanced setup > Protections > Web access protection > URL list management > Edit.
- Click on "List of allowed addresses" and then click the Edit button:
In the Edit list popup that appears, click the Add button and then enter each of the simulated phishing domains outlined below:
*.authwebmail.com* *.cmail31.com* *.securesupportcloud.com* *.webnotifications.net* *.alerting-services.com* *.onlineverify.net* *.verificationweb.net* *.portal-login.net* *.cloud-notification-services.com* *.authenticationsecure.com* vmb1fx4bod.execute-api.ap-southeast-2.amazonaws.com*
Note: The "vmb1fx4bod.execute-api.ap-southeast-2.amazonaws.com" is the endpoint (API) that CanIPhish use to capture payload interactions. It's necessary to allowlist this in ESET so that payload interactions can be successfully sent.
- Once complete, click the OK button to save all changes. You're all done!
Still experiencing issues?
If you're still experiencing issues with our simulated phishing websites either not loading, or interaction tracking not functioning, please follow the above steps again, but instead of adding our simulated phishing websites to the "List of allowed addresses" add them to the "List of addresses excluded from content scanning":
If you're still experiencing issues after this, please contact the CanIPhish support team.
Comments
0 comments
Please sign in to leave a comment.