Allowing KnowBe4 phishing campaign emails to end-users with Hosted Email Security (HES)

    • Updated: 1 Sep 2020
    • Product/Version: Hosted Email Security
    • Platform: N/A
Summary

KnowBe4 Phishing Campaign is a simulated phishing test that aims to train end-users to become vigilant when checking their emails.

An issue has been reported in which the KnowBe4 Phishing Campaign results incorrectly show a 100% click rate, even though the customer is certain that not all of their end-users clicked on the test email, because some employees were absent when the campaign was run.

Details

To resolve the issue, deliver KnowBe4 campaign emails without scanning the URLs in the test email.

  1. On the Hosted Email Security (HES) console, go to Inbound Protection > Policy Objects > Keyword Expressions.

  2. Create a new keyword expression for KnowBe4. 
    1. Set Match to Any Specified.
    2. Click the Add button.
    3. Enter the following keywords/phrase:
      • KnowBe4
      • This is a phishing security test from KnowBe4 that has been authorized by the recipient organization.
    4. Click Save.

  3. Go to your policies and select Inbound Protection > Policy.
  4. Choose the domain to which you want to apply the policy, and then click Add.

  5. Under the Basic Information Setting, set a name for your new policy and tick Enable.

  6. Under Recipients and Senders, set the following:
    1. In the Recipients section, choose My domains and select from the available domains, then click Add.
    2. In the Senders section, choose Anyone so that the rule applies to any sender address, since KnowBe4 uses random email addresses to send its phishing campaign emails.
  7. Under the Scanning Criteria, configure the following:
    1. Click Advanced.
    2. Enable the Specified header matches checkbox.
    3. Click the keyword expressions link. A new window opens where you can select the keyword expression you created earlier.

    4. Under Specified Header Matches, select Other and type "X-PHISHTEST".
    5. Choose the keyword expression you have created and click Add.
    6. Click Save.

  8. Under the Actions setting, set the intercept action to Deliver now.

  9. Review the summary of your policy.

  10. Make this new policy the first rule in your list of policies so that it takes precedence over the other policies. Click the up arrow button to move this rule to the top of your policy list.

With this policy in place, if the keyword is matched, the email does not go through the rest of the policies and is delivered immediately to the end-user. No attachment, URL, or other content is checked further by HES.
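Because this policy delivers any message whose X-PHISHTEST header matches the keyword expression, from any sender and without further scanning, it is worth auditing which messages hit it. The following is an added example, not Trend Micro or KnowBe4 code: it emulates the header match over constructed sample messages and flags matches that lack a DKIM pass for the expected campaign domain. The authserv-id `mx.corp.example`, the domain `phish-sim.example`, and case-insensitive substring matching are assumptions to replace with your own values.

```python
import re
from email import message_from_string

# Keywords from the keyword expression created in step 2 (Match: Any Specified).
KEYWORDS = (
    "KnowBe4",
    "This is a phishing security test from KnowBe4 that has been "
    "authorized by the recipient organization.",
)
# ASSUMPTIONS (placeholders): gateway authserv-id and campaign DKIM domain(s).
TRUSTED_AUTHSERV = "mx.corp.example"
EXPECTED_DKIM_DOMAINS = {"phish-sim.example"}
DKIM_PASS = re.compile(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", re.I)

def matches_bypass_rule(msg):
    """Any X-PHISHTEST header containing any keyword (case-insensitive substring: assumption)."""
    values = msg.get_all("X-PHISHTEST", [])
    return any(k.lower() in v.lower() for v in values for k in KEYWORDS)

def dkim_pass_domains(msg):
    """DKIM-passing domains, read only from our own gateway's results header."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            domains.update(d.lower() for d in DKIM_PASS.findall(results))
    return domains

def audit(raw):
    """Classify one raw message: scanned / bypass-expected / bypass-review."""
    msg = message_from_string(raw)
    if not matches_bypass_rule(msg):
        return "scanned"
    if dkim_pass_domains(msg) & EXPECTED_DKIM_DOMAINS:
        return "bypass-expected"
    return "bypass-review"

# Constructed sample messages (not real traffic).
SAMPLES = {
    "campaign": "Authentication-Results: mx.corp.example; dkim=pass header.d=phish-sim.example\n"
                "X-PHISHTEST: This is a phishing security test from KnowBe4 that has been "
                "authorized by the recipient organization.\nSubject: Password expiry\n\nbody\n",
    "unverified": "Authentication-Results: mx.corp.example; dkim=none\n"
                  "X-PHISHTEST: KnowBe4\nSubject: Invoice\n\nbody\n",
    "normal": "From: a@b.example\nSubject: hi\n\nbody\n",
}
if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit(raw))
```

Messages classified as `bypass-review` matched the Deliver now rule without the expected authentication result and deserve a manual look.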

Category: Configure
Solution Id: 000266725