You can configure credential phishing prevention to restrict the websites to
which users can submit corporate credentials and to prevent successful phishing
attacks. This task involves selecting the credential detection method that the
firewall uses and specifying the actions the firewall takes when it detects
corporate credential submissions to allowed URL categories. The firewall enforces
the following actions: alert, allow, block, or continue. The continue option
displays an anti-phishing response page that warns users against supplying
their credentials to certain websites and requires them to click "continue" before
they proceed to the requested website.

Each credential detection method requires a different User-ID™ configuration and
varies in detection ability. For example, the domain credential filter method
requires installation of the Windows User-ID agent and User-ID credential service
add-on on a read-only domain controller (RODC). These tools enable the firewall to
detect valid corporate username and password pairs and verify that the IP address
associated with a login attempt matches an IP address-to-username mapping. The
other methods focus on username detection.