Anyone have a suggestion to whitelist this folder in the AppData? When I try a wildcard or variable for the username it doesn't like it in the exclusions list. The user is clicking on KnowBe4's Phishing Alert Button and getting stuck. I have whitelisted the program and added the SHA-256 to the whitelist, but it keeps changing.
- Event Type: Threat Detected
- Computer: <computer>
- Hostname: <computer>
- IP: <IP>
- User: <user>
- Detection: JS.Heur.Phishing.3.D080FC1C.Gen
- File: phish_alert_iocp_v1.4.85 (002).eml
- File path: \\?\C:\Users\<username>\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\K8URJSD0\phish_alert_iocp_v1.4.85 (002).eml
- Detection SHA-256: fb6c2ef8f1b690ea56f89e1955ce181758ead64c1a44fbc0f7bc855ebecb2110
- By Application: OUTLOOK.EXE
- Application SHA-256: ffb6bdb1e75aa19be87686091876194b2d39501e3bf4787c0da4f1f0842903b7
- Severity: Medium
- Timestamp: 2022-02-17 16:09:25 +0000 UTC