Team: Huntress Managed Security Awareness Training (SAT)
Product: Microsoft Defender SmartScreen
Summary: Allow listing phishing domains in Microsoft Defender SmartScreen can help prevent Huntress SAT phish emails from incorrectly being marked as malicious.
Overview
At times, Microsoft Defender SmartScreen will mark Huntress SAT simulated phishing domains as malicious, preventing learners from navigating to our simulated phishing landing pages unless they click through a browser warning.
There are two methods that can be used to prevent our landing pages from being blocked by Microsoft Defender SmartScreen.
In this Article
Method 1: Microsoft Defender Indicators
For those who use Microsoft Defender for Endpoint
Method 2: Group Policy
For those whose endpoints are domain joined but do not use Microsoft Defender for Endpoint
SAT Phishing Domains
Method 1: Microsoft Defender Indicators
Use this method if you use Microsoft Defender for Endpoint. If your endpoints are domain joined but you do not use Microsoft Defender for Endpoint, use Method 2: Group Policy instead.
- As a security administrator, browse to the Endpoint Security Settings in your Microsoft Defender management portal.
- Select “Indicators” from the sub-menu
- Select the “URLs/Domains” tab
- Click the “Import” button
- Download the Huntress SAT Indicators Import CSV file (attached at the bottom of this guide
- Click the “Choose File” button and choose the CSV you downloaded in the previous step
-
Click the “Import” button
- Click the “Done” button, then refresh the page
- You should now see all 20 domains listed in the URLs/Domains list. Allow 24 hours before sending a phishing campaign to your learners to ensure phishing landing pages load.
Method 2: Group Policy
Use this method if you do not use Microsoft Defender for Endpoint. If your endpoints are domain joined but you do use Microsoft Defender for Endpoint, use Method 1: Microsoft Defender Indicators instead.
Use the SmartScreenAllowListDomains group policy to define a list of domains that Microsoft Defender SmartScreen will allow without triggering warnings.
SAT Phishing Domains
- securitynotifications.org
- security-updater.com
- amazonsecurity.org
- breach-notice.com
- filesharingnow.com
- mailbox-quota.com
- passwordsnotification.com
- securelinkedin.com
- fraud-assistance.com
- payment-process.com
- news-article.com
- invite-meeting.com
- feedback-collect.com
- businessnotice.org
- databoxonline.com
- electronic-hr.com
- emailtransaction.com
- employee-services.org
- governmentnotice.org
- notificationservices.org
For more information about Microsoft allow list requirements, be sure to view the Microsoft Catch-All Exclusion Guide.