03-03-2022 08:09 AM
Our company uses a third-party vendor to send out simulated phishing emails to our end users. Many of the emails are being classified as phishing and deleted by Cisco Secure Email Cloud Defense (CMD). We have found no way to whitelist these emails inside of the CMD application since you can only set rules to override graymail and spam flags but not emails flagged as phishing. Does anyone know a way to allow these emails through without turning CMD off during active phishing campaigns? This seems like a major flaw with the software if it doesn't support simulated phishing campaigns.
Thanks!
03-03-2022 10:34 AM
Hello Jacob,
As per the user guide, if a sender belongs to a sender allow list in Exchange/Office 365, remediation actions are not applied. (Reference: https://www.cisco.com/c/en/us/td/docs/security/cloud-mailbox/user-guide/cloud-mailbox-user-guide/policy.html?bookSearch=true)
You may try adding your security campaign vendor to an allow list on the MS side, which should bypass the remediation actions on CMD.
Hope it helps.
Cheers.
José L. Dávila.
03-03-2022 01:31 PM
Hi José,
Thanks for the quick response. Unfortunately this solution does not work; we have had our vendor's information in our Exchange allow list for over a year. I did just find out that our security engineer opened a support ticket regarding this with Cisco yesterday and discovered this is a known issue with the CMD software and there is a fix in the works.
I did overlook the note in the user manual, so I do appreciate you pointing that out! It would be nice if it was a bit clearer in the documentation; several others and I looked at this and did not notice it. Hopefully the bug in the software will be resolved soon.
Best regards,
Jacob