LogoLogo
Get Demo
  • 💫NEXT-GENERATION PRODUCT
    • Introduction
    • Getting Started
      • 1. Invite System Users
      • 2. Add Target Users
        • Add Users via CSV
        • Add users via SCIM
          • SCIM Setup in Azure AD
          • SCIM Setup in Okta
          • SCIM Setup in Onelogin
          • SCIM Setup in Jumpcloud
        • Add users via LDAP
        • Add Users via API
      • 3. Email Deliverability
        • Microsoft 365
          • M365: Direct Email Creation
          • M365: Whitelisting
        • Google Workspace
          • Google: Direct Email Creation
          • Google: Whitelisting
        • Exchange 2013 and 2016
      • 4. Track Opened Emails
      • 5. Allow Phishing URLs
        • Whitelist for Office 365
        • Whitelist for Google Workspace
        • Whitelist for Exchange 2013/2016
        • Whitelist in Security Solutions
      • 6. Setup Phishing Reporter
        • Step 1. Download Phishing Reporter
        • Step 2. Deploy Phishing Reporter
          • How to Deploy Add-In in Microsoft 365
          • How to Deploy Add-In in Exchange Admin Center
          • How to Deploy Add-In in Google Workspace
          • How to Deploy Add-In in Outlook
            • Troubleshooting Phishing Reporter Add-In on Outlook Desktop
      • 7. Incident Responder Setup
        • Step 1. Integrate Threat Intel Partners
        • Step 2. Mail Configurations
          • Microsoft 365
          • Google Workspace (Gsuite)
          • Exchange (EWS)
    • Platform
      • Dashboard
        • Dashboard Widgets
        • Incident Responder Widgets
        • Threat Sharing Widgets
        • Phishing Simulator Widgets
      • Threat Intelligence
      • Email Threat Simulator
        • Start Scan
        • View Scan Report
        • Create Trusted Account on Exchange
        • Start Scan on O365 Email Account
        • Start Scan on Google Workspace Email Account
      • Threat Sharing
        • Communities
        • Incidents
      • Phishing Simulator
        • Manage Phishing Scenarios
          • Phishing Scenarios
          • Email Templates
          • Landing Pages
        • Phishing Campaign Manager
        • Phishing Campaign Reports
        • Settings
          • DNS Services and Domains
          • Exclude IP Address
      • Callback Simulator
        • Manage Callback Scenarios
          • Callback Scenarios
          • Callback Email Templates
          • Callback Templates
        • Callback Campaign Manager
        • Callback Campaign Reports
        • Settings
          • Callback Phone Numbers
      • Vishing Simulator
        • Vishing Templates
        • Vishing Campaign Manager
        • Vishing Campaign Reports
      • Smishing Simulator
        • Manage Smishing Scenarios
          • Smishing Scenarios
          • Text Message Templates
          • Landing Page Templates
        • Smishing Campaign Manager
        • Smishing Campaign Reports
        • Settings
          • Manage DNS and Domains
          • Exclude IP Addresses
      • Quishing Simulator
        • Manage Quishing Scenarios
          • Quishing Scenarios
          • Quishing Templates
          • Quishing Landing Page Templates
        • Quishing Campaign Manager
        • Quishing Campaign Reports
        • Settings
          • DNS and Domains
          • Excluding IP Address
      • Awareness Educator
        • Training Library
        • Enrollments
        • Certificates
        • Training Reports
        • Training Completion Queries
      • Incident Responder
        • Incident Responder Dashboard
        • Investigations
        • Integrations
        • Playbook
        • Mail Configurations
          • Microsoft 365
          • Exchange
          • Google Workspace
        • Cross Company Integration
      • Phishing Reporter
        • Phishing Reporter Customization
        • Phishing Reporter Deployment
          • How to Deploy the Add-in in Microsoft 365
          • Phishing Reporter Page View Failure Due to Deprecated Exchange Online Tokens
          • Microsoft Ribbon Phishing Reporter
          • Microsoft Page View Phishing Reporter
          • How to Deploy the Add-in in Exchange Admin Center
          • How to Deploy the Add-in in Google Workspace
          • Phishing Reporter Announcement Email Template
        • Diagnostic Tool
        • Integrating Microsoft Phishing Reporting Button with Keepnet
        • Integrating Microsoft Defender with Keepnet Phishing Reporter
        • Troubleshooting Phishing Reporter on Outlook Desktop
      • Reports
        • Advanced Reports
        • Executive Reports
        • Scheduled Reports
        • Gamification Report
      • Company
        • Target Users
        • Companies
          • Company Groups
        • Company Settings
          • Privacy
            • Account Privacy
            • Data Privacy
          • AI Ally Settings
          • SMTP Settings
          • Direct Email Creation
            • Direct Email Creation for Google Workspace
            • Direct Email Creation for Microsoft 365
          • Notification Templates
          • Google User Provisioning
          • REST API
          • White Labeling
          • Proxy Settings
          • SAML Settings
            • How to Configure SAML on ADFS
            • How to Configure SAML on Google Workspace
            • How to Configure SAML on Azure AD
            • How to Configure SAML on CyberArk
            • How to Configure SAML on Okta
          • SCIM Settings
            • Getting Started with SCIM
            • Azure AD SCIM Integration
            • Okta SCIM Integration
            • Onelogin SCIM Integration
            • Jumpcloud SCIM Integration
          • SIEM Integrations
            • Splunk Integration
            • Syslog Integration
          • LDAP
          • Allowed Domains
        • System Users
          • People
          • Roles
        • Audit Log
        • Job Log
      • Free Phishing Email Analysis Service
    • Miscellaneous
      • Whitelisting
        • How to Whitelist an IP Address in Office 365
        • How to Whitelist an IP Address in Exchange 2013 and 2016
        • How to Whitelist an IP Address in Google Workspace
        • How to Whitelist in Mimecast
        • Whitelisting in Other Security Solutions
        • Whitelisting the Pictures on Microsoft Outlook Apps
        • Keepnet Tools Whitelisting Guidelines
        • Understanding Email Delivery Errors
        • Tracking Email Opens in Phishing Simulations
      • User Profile
      • Multi-Factor Authentication (MFA) Settings
      • On-Premise Requirement Checker
      • Platform Requirements
        • Portal UI Requirements
        • Phishing Reporter Requirements
        • Diagnostic Tool Requirements
      • Maintenance Tool
      • Understanding the Preferred Language Setting
  • 📚RESOURCES
    • Platform Security
    • Volume & Performance
    • Customer Help Desk
    • Product Update/Maintenance
    • Research Methodology
    • Release Notes
      • 2025
      • 2024
      • 2023
      • 2022
      • 2021
      • 2020
  • ⚖️Legal Hub
    • For Customers
      • Customer Terms of Service
      • Product Specific Terms
      • Jurisdiction Specific Terms
      • Data Processing Agreement
      • Regional Data Hosting Policy
      • Product and Services Catalog
      • Acceptable Use Policy
      • Keepnet Security Program
      • Microsoft CoPilot Usage Policy
    • For Everyone
      • Website
        • Terms of Use
        • Privacy Policy
        • Cookie Policy
      • Free Phishing Email Analysis
        • Terms of Service
        • Privacy Policy
      • Transparency Report
Powered by GitBook

Copyright © Keepnet Labs LTD. All rights reserved.

On this page
  • Understanding the Phishing Reporter and Diagnostic Tool
  • Essential Whitelisting Checklist for Security Software
  • Whitelisting Procedures for Various Security Products
  • 1. Symantec Antivirus
  • 2. Palo Alto Proxy
  • 3. Forcepoint DLP
  • 4. CrowdStrike Falcon
  • Need Help? Contact Support Team

Was this helpful?

Export as PDF
  1. NEXT-GENERATION PRODUCT
  2. Miscellaneous
  3. Whitelisting

Keepnet Tools Whitelisting Guidelines

PreviousWhitelisting the Pictures on Microsoft Outlook AppsNextUnderstanding Email Delivery Errors

Last updated 1 year ago

Was this helpful?

It's important to note that both the Phishing Reporter and Diagnostic Tool are legitimate and secure applications developed by Keepnet Labs. They have been thoroughly tested and should not trigger any issues with Antivirus or Endpoint Detection and Response (EDR) solutions under normal circumstances.

However, specific configurations or strict policies within Antivirus, EDR, or other security tools may sometimes lead to these applications being blocked or their functionality being restricted. This can occur despite the applications being entirely safe and free of malicious code. It is these particular scenarios that the "Keepnet Labs Tools Whitelisting Guidelines" document aims to address.

By following the steps outlined in this guide, including the calculation and whitelisting of the unique hash of the downloaded files, customers can ensure the seamless operation of the Phishing Reporter and Diagnostic Tool within their unique security environments.

Indeed, each enterprise has a unique set of security tools and configurations in place to secure its environment. These tools, while effectively preventing threats, can sometimes interfere with legitimate applications and tools such as the Phishing Reporter and Diagnostic Tool from Keepnet Labs. They may hinder these applications' functionality or block their network communications.

To address this issue, Keepnet Labs recommends a Proof of Concept (PoC) test where enterprises can see how their security solutions interact with the Phishing Reporter and Diagnostic Tool. This PoC allows Keepnet Labs and the enterprise to identify potential conflicts, adjust settings, or create necessary exceptions to ensure the tools work smoothly.

However, in cases where enterprises want to ensure the uninterrupted operation of Keepnet Labs' tools, a whitelisting document is provided. This document is a comprehensive list of all the potential tools and configurations that may need to be adjusted to allow for full functionality. By following the whitelisting document, enterprises can ensure that the Phishing Reporter and Diagnostic Tool will operate as intended within their network environment.

Understanding the Phishing Reporter and Diagnostic Tool

is a tool that allows users to easily report suspicious emails and contribute to the organization's security by reinforcing its human firewall. By installing this tool on their devices, users have a straightforward mechanism to report potentially harmful emails directly from their mailbox interface. Phishing Reporter communicates with the Keepnet Labs platform via the https://api.keepnetlabs.com/api/* network route.

is an auxiliary service as part of the Phishing Reporter suite. It is designed to help troubleshoot potential issues with the Phishing Reporter. When issues arise, the Diagnostic Tool gathers necessary system information to assist Keepnet Labs' support teams to quickly identify and solve the problem. This tool also uses the same network route as the Phishing Reporter, i.e., https://api.keepnetlabs.com/api/*.

Essential Whitelisting Checklist for Security Software

The below checklist provides a guideline for the whitelisting process in different security software categories:

Security Tool
Whitelisting Component
Description

Anti-Virus

File-based Exception

The downloaded executable files (Phishing Reporter and Diagnostic Tool) need to be added to the exceptions in your antivirus software.

EDR

File-based Exception

Add the hash of the downloaded files (Phishing Reporter and Diagnostic Tool) to the exceptions in your EDR system.

Proxy

URL Exception

Add https://api.keepnetlabs.com/api/ and https://addin-api.keepnetlabs.com/api/ to your proxy server's exception list to allow network communications.

DLP

Data Transfer Exception

Configure your DLP to allow data transfer to https://api.keepnetlabs.com/api/ and https://addin-api.keepnetlabs.com/api/

DDoS Prevention

IP/URL Exception

DDoS Prevention tools should be configured to allow incoming and outgoing traffic to https://api.keepnetlabs.com/api/ and https://addin-api.keepnetlabs.com/api/. This will ensure uninterrupted communication with the Keepnet Labs server.

It's critical to verify the integrity of the downloaded Phishing Reporter and Diagnostic Tool through their unique hash values. Once you download these applications, you should calculate their hash and whitelist this hash value in the respective security solutions. This process ensures that you're using the legitimate version of the tools and it hasn't been tampered with during the download process.

Here's how you can calculate the hash of a file on different platforms:

Replace 'yourfilename.exe' with the actual filename of the downloaded file.

  • Windows: You can use the built-in 'CertUtil' tool. Open the Command Prompt, navigate to the directory where your file is located, and then use the following command:

    • certutil -hashfile yourfilename.exe SHA256

  • Linux: The 'sha256sum' tool is usually available by default. Open the terminal, navigate to the directory containing the file, and then use the following command:

    • sha256sum yourfilename

  • Mac OS: You can use the built-in 'shasum' command. Open the Terminal, navigate to the directory where your file is located, and then use the following command:

    • shasum -a 256 yourfilename

Whitelisting Procedures for Various Security Products

1. Symantec Antivirus

Symantec Antivirus provides both file and network-based protection. Therefore, you need to whitelist the application executables as well as the network communications.

  • File-Based Exceptions: Open your Symantec Antivirus, go to Settings > Exceptions > Add Exception > Security Risk Exception > File. Then, locate the Phishing Reporter and Diagnostic Tool executables and add them as exceptions. Please ensure to verify the hash of the downloaded files to ensure their integrity.

  • Network-Based Exceptions: Go to Settings > Exceptions > Add Exception > Security Risk Exception > Known Risk. Add https://api.keepnetlabs.com/api/* to the exceptions to ensure that network communications are not blocked.

2. Palo Alto Proxy

To whitelist network communications in Palo Alto Proxy, you need to create a custom URL category.

  • Custom URL Category: Go to Objects > Custom Objects > URL Category > Add. Name the new category (e.g., "Keepnet Labs"). In the Sites section, add *.keepnetlabs.com/*. Apply the changes.

  • URL Filtering: Create or modify a URL Filtering profile to allow the new custom URL category. This can be done in Objects > Security Profiles > URL Filtering.

3. Forcepoint DLP

For Forcepoint DLP, create a new rule to allow data to be sent to Keepnet Labs' server.

  • New Rule: Go to DLP Policy Manager > File > New > DLP Policy > Rule > Add. In the new rule, set "Endpoint" as the Data Endpoint. Under "Destinations", add https://api.keepnetlabs.com/api/*. Under "Actions", select "Allow". Name and save the new rule.

4. CrowdStrike Falcon

CrowdStrike Falcon uses a cloud-based system to handle threats. Whitelisting can be done through the Falcon console.

  • Prevention Policy Whitelisting: Log into the Falcon console. Navigate to Configuration > Prevention Policies. Select the policy to which you wish to add the exceptions. Under the 'Exclusions' section, click on 'Add New' > 'File'. In the dialog box, enter the SHA-256 hash of the Phishing Reporter and Diagnostic Tool files. Make sure to calculate the hash of the downloaded files to ensure their integrity. Set the 'Type' as 'Whitelist' and the 'Platform' as per your environment (Windows, Linux, or macOS). Add a description for your reference, and save the changes.

  • Network Whitelisting: In the same policy configuration, navigate to the 'IOCs' section. Click on 'Add New' > 'Indicator'. Add https://api.keepnetlabs.com/api/* as an Indicator, select 'Network' as the type, and select 'Whitelist' as the action. Save the changes.

Need Help? Contact Support Team

For additional assistance or questions regarding the implementation and usage of our products, please contact our support team at . Keepnet Labs is committed to supporting our customers at every step, providing necessary insights and assistance to ensure the successful implementation and usage of our products.

💫
Phishing Reporter
Diagnostic Tool
support@keepnetlabs.com