Working with third-party products

This article describes considerations for deploying third‑party products alongside Datto EDR and Datto AV. Additional third‑party products will be added to this article in the future.

1. KnowBe4

KnowBe4 is a security awareness and training platform that educates end users through simulated phishing campaigns. As part of this training, KnowBe4 sends phishing simulation emails that contain clickable links.

Expected behavior

When Datto AV is deployed with DNS Secure enabled, users may see a DNS Secure block page after clicking a KnowBe4 phishing simulation link. This typically occurs when the link is categorized under a blocked category, such as Phishing.

This behavior is expected and indicates that DNS Secure is functioning as designed.

Mitigation

To prevent KnowBe4 phishing simulation links from being blocked by DNS Secure:

Add KnowBe4 domains to the Trusted Domains list in your Datto AV policy.
Use only official KnowBe4 documentation to identify the correct domains.

KnowBe4 maintains an up‑to‑date list of the following:

Email domains
Training domains
Landing page URLs

Always rely on KnowBe4’s official documentation to ensure that only verified KnowBe4 infrastructure is allowed.

For instructions on creating domain exclusions in DNS Secure, see Configuring Datto DNS Secure.

2. AMSI provider conflicts

Datto EDR’s AMSI engine can conflict with other security products that register as AMSI providers. These products may invoke the AMSI interface to scan their own scripting content. Although this activity is benign, it can include patterns that Datto EDR identifies as attacker-exploitable techniques, resulting in false-positive detections.

Examples of these products include SentinelOne and CyberCNS.

Expected behavior

Devices running a third-party product that also registers as an AMSI provider may generate false-positive detections in Datto EDR. These detections typically reference scripting activity generated by the third-party product’s scanning processes.

Mitigation

To resolve AMSI provider conflicts, use one of the following approaches:

Disable script scanning in the Datto EDR policy for the affected device. This prevents the AMSI engine from inspecting scripting content on the endpoint while other EDR protections remain active.
Contact the third-party security vendor for guidance on disabling its AMSI provider registration.

Revision	Date
Initial release	3/13/26
Added section: AMSI provider conflicts	6/1/26

	Need help? Submit a Kaseya Helpdesk request.
	Want to talk about it? Head over to Kaseya Community.
	Have a new feature idea? Visit the Kaseya Ideas portal.
	Provide feedback for the Documentation team.