2 weeks ago
That has been done.
The problem I run into is finding a url to test against. Unless someting is not setup correctly.
User get phish message asking them to fix thier O365 account due to unusual activity.
https://www.tasteofthewild.com.au. PA url filter categorizes as person blogs.
User goes to site and is allowed to put in domain creds.
Looking at URL monitor traffic is decrypted and no cred detected. Site has been SSL decrypted and the personal blogs category is set to block user credentail submission.
Maybe it has something to do with the bloom filters not getting propgated to firewall. Not sure how to tell. I was just hoping to get input from someone else already using this.
2 weeks ago
also this is somewhat confusing (from 8.0 Admin guide):
" The firewall automatically skips checking credential submissions for App-IDs associated with sites that have never been observed hosting malware or phishing content to ensure the best performance even if you enable checks in the corresponding category. The list of sites on which the firewall will skip credential checking is automatically updated via Application and Threat content updates."
Does this mean websites with a good reputation will be skippped from credential submit check , even if I have the category set to block cred submission?