Zero Phishing Settings

To access Zero Phishing Settings, in the Policy tab, expand Threat Extraction, Threat Emulation and Anti-Exploit ruleClosed Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session., right click Zero Phishing Settings under the Actions column and click Edit Shared Action .

Define setting for phishing prevention and password reuse prevention.

  • Phishing Prevention - Checks different characteristics of a website to make sure that a site does not pretend to be a different site and use personal information maliciously.

  • Password Reuse Prevention - Alerts users not to use their corporate password in non-corporate domains.

Phishing Prevention

  • Phishing Protection - Select an option:

    • Prevent Access and Log (default) - If Harmony Endpoint determines that the site is phishing, users cannot access the site. A log is created for each malicious site.

    • Off - Phishing prevention is disabled.

    • Log Only - When a user uses a malicious site, a log is created.

    • Prevent Access Only - Users cannot access malicious sites. No logs are created.

  • Send log on each scanned site - Send logs for each site that users visit, if it is malicious or not. By default, it is selected.

  • Allow user to dismiss the phishing alert and continue to access the site - Users can choose to use a site that was found to be malicious.

  • Allow user to abort phishing scans - Users can stop the phishing scan before it is completed.

Password Reuse

  • Password Reuse Protection - Select an option:

    • Alert User and Log (default) - If a user enters a corporate passwords in a non-corporate site, the user gets an alert and a log is created.

    • Off - Password Reuse Prevention is disabled.

    • Log Only - If a user enters a corporate passwords in a non-corporate site, a log is created.

    • Alert User Only - If a user enters a corporate passwords in a non-corporate site, the user gets an alert.

  • Protected Domains - Add domains for which Password Reuse Protection is enforced. Harmony Endpoint keeps a cryptographic secure hash of the passwords used in these domains and compares them to passwords entered outside of the protected domains.

After you configure the settings, click OK.