Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Is there a way via MF or CF to check if an attachments MIME type is indeed the attach it mimicseg. executable file run.exe -> renamed by end user to run.txt
We have url filtering in place for several scores. Works fine But we use a phishing tool ( external ) to test our users if they click on a 'phishing' url in an email they receive from the attacking tool We noticed recently that Cisco seems to open th...
Hi I have an address list with some domains in it, for which we enforce incomming tls ( tls is mandatory + verify client cert ) Tls is indeed enforced, this works. But when the client cert cannot be validated, the mail also goes through Tue Jan 1...
When an external party has a Dmarc record set to p = none ( states hey you don't need to act on it ) .... that mails comes in on our cisco esa's.. Its the external parties choice to tell us what we will need to do with mails that fails on Dmarc... If...
Hi All, We recently increased the SDR scanning engine, to include the 'poor' in the reject verdict ( Awful was standard enabled ), after we scanned the number of 'poor' SDR's in a period of time offcourse But now we see that most domains that fell in...
I found the possible culprit There is a setting : Enable sharing limited data with the Service Logs Information Service (Recommended) I disabled that one, and found that there were no more ' click actions ' reported for urls ( sent in via pishing ca...
Workaround does not help. They will first discuss this with the phishing tool to see if they can whitelist cisco's ip range for clicks ( its a specific range )
Hello dmccabej; I checked and we even have it with VOF disabled etc In the docu it states : Outbreak Filters must be enabled and configuredWeb Interaction Tracking must be enabled in Outbreak FiltersService Logs must be enabledDepending on the versio...
We even tested with a mailpolicy, were NO CF were triggered, and every service off ( no antispam, VOF etc ) . And still from time to time the phishing mail gets triggered. Seems by ip 146.112.163.35 ( Cisco OpenDns ) according to the logs in the phis...
