Whitelist Check Point Harmony Email & Collaboration

How to Whitelist CyberLearn in Check Point

Follow the steps below to whitelist CyberLearn in Check Point Harmony Email & Collaboration before running your phishing simulation.

Check Point handles exceptions per security engine. That means an Anti-Phishing exception does not automatically bypass URL reputation, malware inspection, or other engines. Emails on the Anti-Phishing allow-list are still evaluated by other security engines such as Anti-Malware and DLP.

Step 1 – Add an Anti-Phishing Allow-List rule

Why this matters

CyberLearn phishing emails are intentionally designed to simulate realistic phishing scenarios. Because of that, Check Point may classify them as phishing unless they are explicitly allow-listed.

Check Point lets you create Anti-Phishing Allow-List rules under Security Settings > Exceptions > Anti-Phishing, and the available filters include Sender Domain, Sender Email, Client Sender IP, Server IP, Links in body, and Headers. Check Point also supports CIDR notation for IP ranges in the IP filters.

Follow these steps

  1. Log in to your Check Point Harmony Email & Collaboration admin portal.
  2. Go to Security Settings.
  3. Open Exceptions.
  4. Click Anti-Phishing.
  5. In the exception type selector, choose Allow-List.
  6. Create a rule that matches your CyberLearn simulation emails.

We recommend using a combination of these filters:

  • Sender Domain
  • Sender Email
  • Server IP

For CyberLearn, a typical allow-list rule can include:

Sender domains

  • cyber-detector.com
  • cyberlearn.cyber-detector.com
  • bnc3.cyber-detector.com
  • app-cyberlearn.com
  • api.app-cyberlearn.com
  • veriffy-center.com
  • user-messagee.com
  • access-portall.com
  • delivery-statuss.com
  • document-serviice.com
  • security.cyber-detector.com

Sending IP

  • 45.14.148.126
  1. Add a clear description such as:
    CyberLearn phishing simulation allow-list
  2. Save the rule.

Important note

If a phishing email is sent to multiple recipients, Check Point states that the message is only allow-listed if the rule applies to all recipients. If even one recipient does not match the allow-list rule, the phishing workflow can still be applied to everyone.

Step 2 – Add URL Reputation Exceptions

Why this matters

Even if the email itself is allow-listed under Anti-Phishing, the links inside the email can still be inspected separately by Check Point’s URL reputation engine.

Follow these steps

  1. In the Check Point admin portal, go to Security Settings.
  2. Open Exceptions.
  3. Click URL Reputation.
  4. Choose Allow-List.
  5. Add the CyberLearn domains and URLs used for landing pages, redirects, and tracking.

We recommend adding at least:

  • api.app-cyberlearn.com
  • go.cyber-detector.com

Important note

Do not enter the sending IP here. The IP belongs in the Anti-Phishing Allow-List rule, while URL Reputation Exceptions are for domains and URLs used in links.

Step 3 – Review Click-Time Protection if links are still affected

If your test emails are delivered but users still experience blocked, rewritten, or interrupted links, review the relevant link-protection exception settings as well. Check Point’s documentation makes clear that exception handling is split by engine, so allowing the phishing message itself does not automatically mean link handling is bypassed.

At minimum, review whether these domains need to be excluded from link-related inspection:

  • api.app-cyberlearn.com
  • go.cyber-detector.com

Step 4 – Trusted Senders as an optional supplement

Trusted Senders can be useful as a supplement for spam handling, but they should not be your only CyberLearn configuration. For phishing simulations, the important part is still the Anti-Phishing allow-list plus the relevant URL exceptions. Check Point documents Trusted Senders separately from Anti-Phishing exceptions, which is why it should be treated as an optional add-on rather than the core setup.

Recommended CyberLearn Check Point configuration

To ensure successful delivery and tracking of CyberLearn phishing simulations in Check Point, we recommend:

  • Anti-Phishing Allow-List with sender domain, sender email, and sending IP
  • URL Reputation Exceptions for CyberLearn tracking and landing domains
  • review of link-related protection if links are still modified or blocked
  • Trusted Senders only as an optional supplement.

The most important takeaway

For CyberLearn in Check Point, the sending IP should be added under the Anti-Phishing Allow-List rule, specifically using Server IP and, if relevant, Client Sender IP. It should not be added under URL Reputation or Trusted Senders. Check Point explicitly supports exact IPs and CIDR ranges in the Anti-Phishing IP filters.

Cyber Detector logo

Protect your buisness against cyberattacks and focus on what’s important to you. 

Facebook-f Linkedin-in

Contact Info

  •  Fløjtevej, 4700 Næstved
  • +45 22 97 82 98
  • contact@cyber-detector.com

VAT: 45080234

Menu

Open Hours

Monday – Friday:                                      08:30 – 17:00

Weekends:                                                 Closed

 

SOC Support

Monday – Sunday:                                     00:00 – 23:59

Cyber Detector logo

Protect your buisness against cyberattacks and focus on what’s important to you. 

Facebook-f Linkedin-in
Product
Solutions
FAQ & Support
Security, Trust & Privacy
Demo
Company
Resources
Open Hours

Monday – Friday:                              08:30 – 17:00

Weekends:                                                 Closed

SOC Support

Monday – Sunday:                           00:00 – 23:59

Contact Info
  • Balstrupvej 90, 4100 Ringsted
  • +45 70 60 42 24
  • contact@cyber-detector.com
  • VAT: 45773752
Book a meeting
Book a meeting