https://community.checkpoint.com/t5/Firewall-and-Security-Management/SandBlast-Errors/m-p/143854#M55652 <P>We have encountered a problem with SandBlast TE250 equipment.<BR />We have cases where letters from the MTA go to Bypass without waiting for a response from SandBlast. When such cases occur, we see the following errors in the ted.elg directory.</P><P>[TE (TD::Surprise)] te::Emulation::EmulationInvestigator::HandleFileEmulationFailed: {CA........} Failed to emulate file on image 'e........' (file status: VM assigned): Internal virtual sandbox communication error<BR />[TE_TRACE]: {................} Run 3 for image: 'e50....' ended with verdict 'Error' (0 malicious runs, min:2), reason: Internal virtual sandbox communication error<BR />[TE_TRACE]: {................} verdict 'Error' set for image: 'e50e...' (WinXP,Office 2003/7,Adobe 9) by: 1, reason: Internal virtual sandbox communication error<BR />[TE_TRACE]: VM 272 KeyPoint: Terminating VM due to error: Failed to connect to SYMO client<BR />[TE (TD::Surprise)] te::Emulation::EmulatingVM::TerminateWithError: VM 272 (Creation In Process): Terminating VM due to error: Failed to connect to SYMO client<BR />[TE_TRACE]: VM 272 KeyPoint: Terminating (error occured? 1, detected events: 0 malicious, 0 benign)</P><P>We found similar sk120479 and sk135392, they don't fully correspond to our problem, but they are similar.<BR />Both SKs say about TAS. Unfortunately our existing cases in TAS are going very long, so I would like to know if anyone has any experience with similar errors and how you can diagnose these errors?</P> Wed, 16 Mar 2022 07:45:57 GMT Hllrdm 2022-03-16T07:45:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SandBlast-Errors/m-p/143854#M55652 <P>We have encountered a problem with SandBlast TE250 equipment.<BR />We have cases where letters from the MTA go to Bypass without waiting for a response from SandBlast. When such cases occur, we see the following errors in the ted.elg directory.</P><P>[TE (TD::Surprise)] te::Emulation::EmulationInvestigator::HandleFileEmulationFailed: {CA........} Failed to emulate file on image 'e........' (file status: VM assigned): Internal virtual sandbox communication error<BR />[TE_TRACE]: {................} Run 3 for image: 'e50....' ended with verdict 'Error' (0 malicious runs, min:2), reason: Internal virtual sandbox communication error<BR />[TE_TRACE]: {................} verdict 'Error' set for image: 'e50e...' (WinXP,Office 2003/7,Adobe 9) by: 1, reason: Internal virtual sandbox communication error<BR />[TE_TRACE]: VM 272 KeyPoint: Terminating VM due to error: Failed to connect to SYMO client<BR />[TE (TD::Surprise)] te::Emulation::EmulatingVM::TerminateWithError: VM 272 (Creation In Process): Terminating VM due to error: Failed to connect to SYMO client<BR />[TE_TRACE]: VM 272 KeyPoint: Terminating (error occured? 1, detected events: 0 malicious, 0 benign)</P><P>We found similar sk120479 and sk135392, they don't fully correspond to our problem, but they are similar.<BR />Both SKs say about TAS. Unfortunately our existing cases in TAS are going very long, so I would like to know if anyone has any experience with similar errors and how you can diagnose these errors?</P> Wed, 16 Mar 2022 07:45:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SandBlast-Errors/m-p/143854#M55652 Hllrdm 2022-03-16T07:45:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SandBlast-Errors/m-p/143856#M55653 <P>TE250 is from <SPAN>Sep-2013 and&nbsp;</SPAN>out of any support since&nbsp;<SPAN>Jun-2020 !</SPAN></P> Wed, 16 Mar 2022 08:33:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SandBlast-Errors/m-p/143856#M55653 G_W_Albrecht 2022-03-16T08:33:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SandBlast-Errors/m-p/143858#M55654 <P>We did further analysis, similar problems also exist on other equipment that is fresher than 250.</P> Wed, 16 Mar 2022 08:39:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SandBlast-Errors/m-p/143858#M55654 Hllrdm 2022-03-16T08:39:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SandBlast-Errors/m-p/143861#M55655 <P><A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk114806&amp;partition=Advanced&amp;product=Threat" target="_blank">sk114806: ATRG: Threat Emulation </A>&nbsp;gives treoubleshooting help.</P> <P>You should ask TAC to resolve the issue <SPAN>on other equipment that is still supported</SPAN>&nbsp;- not on the TE250 soon out of support for 2 years already...</P> Wed, 16 Mar 2022 08:47:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SandBlast-Errors/m-p/143861#M55655 G_W_Albrecht 2022-03-16T08:47:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SandBlast-Errors/m-p/143863#M55656 <P>As I wrote earlier, while we do not see the point in contacting the TAC, as cases are delayed for a long time. I wrote this thread to find out if anyone had such a problem at SandBlast and how to solve it.</P> Wed, 16 Mar 2022 09:01:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SandBlast-Errors/m-p/143863#M55656 Hllrdm 2022-03-16T09:01:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SandBlast-Errors/m-p/143883#M55657 <P>I am afraid, sometimes you do have to let TAC help you. There is always an option to escalate, if you believe you are not getting enough attention.&nbsp;<BR /><BR />If you need any assistance, please feel free to PM me.</P> Wed, 16 Mar 2022 10:38:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SandBlast-Errors/m-p/143883#M55657 _Val_ 2022-03-16T10:38:38Z