Team: Huntress Managed Security Awareness Training (SAT)
Product: Microsoft Defender SmartScreen
Summary: Allow listing phishing domains in Microsoft Defender SmartScreen can help prevent Huntress SAT phish emails from incorrectly being marked as malicious.
At times, Microsoft Defender SmartScreen will mark Huntress SAT simulated phishing domains as malicious, preventing learners from navigating to our simulated phishing landing pages unless they click through a browser warning.
There are two methods that can be used to prevent our landing pages from being blocked by Microsoft Defender SmartScreen.
In this Article
- Method 1: Microsoft Defender Indicators (for those who use Microsoft Defender for Endpoint)
- Method 2: Group Policy (for those whose endpoints are domain joined but do not use Microsoft Defender for Endpoint)
- SAT Phishing Domains
Method 1: Microsoft Defender Indicators
Use this method if you use Microsoft Defender for Endpoint. If your endpoints are domain joined but you do not use Microsoft Defender for Endpoint, use Method 2: Group Policy instead.
- As a security administrator, browse to the Endpoint Security Settings in your Microsoft Defender management portal.
- Select “Indicators” from the sub-menu.
- Select the “URLs/Domains” tab.
- Click the “Add Item” button.
- In the URL/Domain field, enter the Huntress SAT simulated phishing domain(s). Enter a helpful title and description like the ones below. Choose an expiry, then click “Next”.
- Ensure the “Allow” action is selected, then click “Next”.
- Click through the rest of the steps to deploy this indicator to your learners. Allow 24 hours before sending a phishing campaign to your learners to ensure phishing landing pages load.
Method 2: Group Policy
Use this method if your endpoints are domain joined but you do not use Microsoft Defender for Endpoint. If you do use Microsoft Defender for Endpoint, use Method 1: Microsoft Defender Indicators instead.
Use the SmartScreenAllowListDomains group policy to define a list of domains that Microsoft Defender SmartScreen will allow without triggering warnings.
SAT Phishing Domains
- securitynotifications.org
- security-updater.com
- amazonsecurity.org
- breach-notice.com
- filesharingnow.com
- mailbox-quota.com
- passwordsnotification.com
- securelinkedin.com
- fraud-assistance.com
- payment-process.com
- news-article.com
- invite-meeting.com
- feedback-collect.com
- businessnotice.org
- databoxonline.com
- electronic-hr.com
- emailtransaction.com
- employee-services.org
- governmentnotice.org
- notificationservices.org
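One way to confirm that the Method 2 policy reached an endpoint, added here as an example and not part of the original Huntress article. It compares the configured SmartScreenAllowListDomains values with the domain list above. The registry key is assumed to be the Microsoft Edge policy location, and the function names are hypothetical.

```powershell
# Added example: audit the SmartScreen allow list policy on one endpoint.
# Assumption: Microsoft Edge stores SmartScreenAllowListDomains under this key,
# one domain per string value (value names 1, 2, 3, ...).
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge\SmartScreenAllowListDomains'

# Huntress SAT phishing domains, copied from the list on this page.
$Expected = @(
    'securitynotifications.org', 'security-updater.com', 'amazonsecurity.org',
    'breach-notice.com', 'filesharingnow.com', 'mailbox-quota.com',
    'passwordsnotification.com', 'securelinkedin.com', 'fraud-assistance.com',
    'payment-process.com', 'news-article.com', 'invite-meeting.com',
    'feedback-collect.com', 'businessnotice.org', 'databoxonline.com',
    'electronic-hr.com', 'emailtransaction.com', 'employee-services.org',
    'governmentnotice.org', 'notificationservices.org'
)

function Get-ConfiguredAllowList {
    param([string]$Path)
    # No key means the policy has not reached this endpoint.
    if (-not (Test-Path -Path $Path)) { return @() }
    $key = Get-Item -Path $Path
    @($key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) })
}

function Compare-AllowList {
    param([string[]]$Expected, [string[]]$Configured)
    # Normalize case and whitespace; drop empty values.
    $exp = @($Expected | ForEach-Object { $_.Trim().ToLowerInvariant() })
    $cfg = @($Configured | Where-Object { $_ } |
        ForEach-Object { $_.Trim().ToLowerInvariant() })
    [pscustomobject]@{
        Missing    = @($exp | Where-Object { $_ -notin $cfg })
        Unexpected = @($cfg | Where-Object { $_ -notin $exp })
    }
}

$configured = Get-ConfiguredAllowList -Path $PolicyKey
$result = Compare-AllowList -Expected $Expected -Configured $configured

# Missing domains will still trigger the SmartScreen warning for learners.
$result.Missing | ForEach-Object { Write-Warning "Not allow listed: $_" }
# Every allow-listed domain skips SmartScreen, so review entries not on the SAT list.
$result.Unexpected | ForEach-Object { Write-Warning "Review extra entry: $_" }
if (-not $result.Missing) { Write-Output 'All SAT phishing domains are allow listed.' }
```

Run it on a domain-joined endpoint after the next Group Policy refresh. Entries reported as extra may be legitimate allow list items your organization added for other reasons.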
For more information about Microsoft allow list requirements, be sure to view the Microsoft Catch-All Exclusion Guide.