I am an admin in a medium sized business (around 85 licenses).
As our users daily visit infected web sites KSC responds very well.
What I usually do after email is received “Event "Legitimate software that can be used to harm your computer or personal data was detected" “ is that I take the infected address and manually add it to our WEB CONTROL filter in which it blocks further attempts to access this website.
Would it be possible to implement a solution where KSC would be learning from its own reactions/responses and automatically add these addresses to WEB CONTROL filters ???