Credential Harvesting being stopped by Windows Defender SmartScreen

Question

It's good but it's bad. 
 I've bypassed all domain and URL filtering successfully in Office 365/ATP. However, when a user clicks the link it's still getting caught by 
 Windows Defender SmartScreen. It looks like any GPO settings are all or nothing and we certainly don't want to disable this across the entire domain. 
 
 Had anyone else ran into this issue. Credential harvesting campaigns are something we really want to start using.

FloSupport · Answer

Hi All, 
 This article has been published to address this issue: 
 
 Sophos Phish Threat: How to whitelist a campaign URL that is blocked by Windows Defender 
 
 Regards,

FloSupport · Answer

Hi Robert Barnes 
 Apologies for this inconvenience, Smart Screen is a function of Windows Defender and Sophos has no control over this. 
 Are you able to create a Windows Defender exception or whitelist for the Phish Threat URLs/IPs ? 
 Additionally, if you are using our Sophos Endpoint Anti-Virus, it is recommended to disable other AV products as they could conflict or cause performance issues. 
 Regards,