Allow Phishing Awareness Training

Article ID: 381228


Products

Intelligence Services, ProxySG Software - SGOS, Endpoint Protection

Issue/Introduction

Phishing training sites are designed to educate users on identifying phishing attacks.  These sites are used in simulated phishing emails that resemble real threats but are non-malicious.  They track user interactions, identifying who successfully recognized the email as phishing and who did not. These sites may be restricted based on an existing policy blocking real Phishing sites.

Cause

We categorize phishing training URLs as both Phishing and Informational. This category combination was chosen to avoid unexpected changes resulting from user-submitted phishing reports and third-party detections.

Resolution

As a best practice, we recommend working with your Phishing Awareness vendor to obtain a list of the sites that will be used as part of the training and allowing those domains. We suggest testing these exceptions to make sure they are allowed in your various layers of protection.

Customers can configure policies to allow traffic to specific URLs as outlined in these KB articles: 

Edge SWG:
How do I allow a single URL/website when the Edge SWG(ProxySG) appliance's default policy is set to Deny, or the URL category is denied?

Adding large number of Domains to Edge SWG (ProxySG) to be used in allow or block lists

Endpoint Protection:
Trusted Web Domain Exception (Admin Guide)

As an alternative, more generic approach, the Phishing and Informational category combination allows administrators to implement network policies that permit traffic to these sites. This ensures users can access training materials while real phishing threats remain blocked. By allowing traffic to URLs marked with this category combination, organizations can strike a balance between security and training.

Category combination policy

To test a policy for the category combination, the following URL may be used: testrating.webfilter.bluecoat.com/phishing/informational
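The effect of the category combination can be seen in a small model, added here as an illustration; it is not Broadcom's policy code or Edge SWG syntax. It assumes first-match rule evaluation, and every domain and rating except the article's test URL is constructed. It also shows that a training site rated only Phishing stays blocked, which is the case to report through Site Review.

```python
"""Simplified model of category-based web policy (added example, not Edge SWG syntax)."""

ALLOW, DENY = "ALLOW", "DENY"

# Each rule: (categories that must ALL be present on the URL, verdict).
# Assumption of this model: rules are checked top to bottom, first match wins.
COMBINATION_FIRST = [
    ({"Phishing", "Informational"}, ALLOW),  # phishing-training sites
    ({"Phishing"}, DENY),                    # real phishing
]
# Same rules with the existing Phishing block evaluated first.
DENY_FIRST = list(reversed(COMBINATION_FIRST))


def evaluate(rules, categories, default=ALLOW):
    """Return the verdict of the first rule whose categories are all present."""
    present = set(categories)
    for required, verdict in rules:
        if required <= present:
            return verdict
    return default


def audit(rules, ratings):
    """Return (verdict per domain, sorted list of domains that are denied).

    `ratings` maps a domain or URL to the categories a lookup returned for it.
    """
    verdicts = {d: evaluate(rules, cats) for d, cats in ratings.items()}
    blocked = sorted(d for d, v in verdicts.items() if v == DENY)
    return verdicts, blocked


# Constructed sample ratings; only the first URL comes from the article.
SAMPLE_RATINGS = {
    "testrating.webfilter.bluecoat.com/phishing/informational":
        ["Phishing", "Informational"],
    "training-a.vendor.example": ["Phishing", "Informational"],
    "training-b.vendor.example": ["Phishing"],  # miscategorized training site
    "news.example": ["News"],                   # constructed category label
}

if __name__ == "__main__":
    for name, rules in (("combination first", COMBINATION_FIRST),
                        ("deny first", DENY_FIRST)):
        _, blocked = audit(rules, SAMPLE_RATINGS)
        print(f"{name}: blocked = {blocked}")
```

With the combination rule first, only the miscategorized domain is denied; with the Phishing block first, every training URL is denied as well.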

 

Additional Information

If your phishing training sites are not correctly categorized with this category combination, please report the URL and suggest the correct categorization using Site Review: https://sitereview.symantec.com.