Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 10 subscribers
  • Views 6551 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Credential Harvesting being stopped by Windows Defender SmartScreen

Robert Barnes

It's good but it's bad.

I've bypassed all domain and URL filtering successfully in Office 365/ATP. However, when a user clicks the link it's still getting caught by 

Windows Defender SmartScreen. It looks like any GPO settings are all or nothing and we certainly don't want to disable this across the entire domain.
 
Had anyone else ran into this issue. Credential harvesting campaigns are something we really want to start using.
 


This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    Apologies for this inconvenience, Smart Screen is a function of Windows Defender and Sophos has no control over this.

    Are you able to create a Windows Defender exception or whitelist for the Phish Threat URLs/IPs?

    Additionally, if you are using our Sophos Endpoint Anti-Virus, it is recommended to disable other AV products as they could conflict or cause performance issues.

    Regards,

Reply
  • 0

    Hi  

    Apologies for this inconvenience, Smart Screen is a function of Windows Defender and Sophos has no control over this.

    Are you able to create a Windows Defender exception or whitelist for the Phish Threat URLs/IPs?

    Additionally, if you are using our Sophos Endpoint Anti-Virus, it is recommended to disable other AV products as they could conflict or cause performance issues.

    Regards,

Children