For simulation cases where the landing pages display the following warning (or a similar one) in Google Chrome:
You must whitelist our domains in Safe Browsing for web navigation. These domains can be found in the Settings > Security > Whitelist section or in the article: Whitelist Process in SMARTFENSE
The domains used for simulations may be temporarily blacklisted due to the nature of our phishing and ransomware simulations. Since these domains are used in campaigns that replicate real threats for educational purposes, some security tools identify them as potentially malicious.
At SMARTFENSE, we actively work to minimize these false positives by managing reclassification requests with major security and web filtering providers. However, the response varies depending on the specific tool or security solution; some allow educational categorization, while others apply stricter restrictions.
Once a domain has been included in these lists, a warning banner may appear when clicking the link. This banner could prevent a user from accessing phishing links or landing pages when failing a phishing test.
Implementing a Safe Browsing whitelist that includes our root phishing link domains and landing page domains will ensure that users do not see warning messages and will allow clicks to be properly recorded. The Safe Browsing whitelist can be applied across multiple platforms for the Chrome browser, including Windows, macOS, and Chrome-based operating systems.
Safe Browsing Whitelist in Windows
To whitelist domains with Safe Browsing in Windows, you need to use a Group Policy Object (GPO). To apply this configuration:
- Download the Chrome ADMX templates. To access them, refer to Google’s article Set Chrome Browser policies on managed PCs and go to the Windows section.
- Install the ADMX templates on the domain controller. After this, they will be available to assign through GPO.
- In the GPO Editor, navigate to: Computer Configuration → Administrative Templates → Google → Google Chrome → Safe Browsing Settings → Configure the list of domains on which Safe Browsing will not trigger warnings.
- In the setting, select Enabled. Then select Show to view the configuration list.
- Add the root domains of phishing links and landing pages used in your PSTs. Domains must be listed with the syntax: example.com.
- Click OK, then Apply.
- Restart Chrome and navigate to chrome://policy to verify that the policy has been applied correctly.
Safe Browsing Whitelist in macOS
To apply the policy in macOS, you must edit the Google Chrome .plist files that are distributed to your devices. You can also create a new policy and distribute it via MDM.
- Create a .plist file and open it in the editor of your choice. You can use the sample file provided by Google as a reference.
- Edit the file to include the root domains of phishing links and landing pages used in your PSTs. Each root domain must be added as a <string> entry within the <array> corresponding to the key <key>SafeBrowsingAllowlistDomains</key>.
- Save the .plist file and convert it into a system policy using a converter such as mcxToProfile.
- Distribute the policy to devices via MDM.
- Restart Chrome and navigate to chrome://policy to confirm that the policy has been applied correctly.
Safe Browsing Whitelist in Chrome Profiles
For Chrome-managed devices or Chrome-based devices, you must configure the following settings from the Google Admin console:
- Open the Google Admin console.
- Navigate to: Devices → Chrome → Settings → Users & browsers → Safe browsing allowed domains.
- Enter the root domains of phishing links and landing pages used in your PSTs (one per line).
- Click Save.
- Verify in chrome://policy that the policy has been applied correctly.
Requirements for the Safe Browsing Whitelist
These system requirements were obtained from the official Google Enterprise documentation. For more information, see the article: Safe Browsing Allowlist Domains from Google.
Compatible with:
- Google Chrome (Linux, Mac and Windows) since version 86
- Google ChromeOS (Google ChromeOS) since version 86
- Google Chrome (Android) since version 133