This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Happy__
Collaborator
‎2018-08-10 04:45 AM

Error:-failed to download file.try again but only if you trust this site

failed to download file.try again but only if you trust this site

8 Replies
_Val_
Admin
Admin
‎2018-08-10 05:27 AM

Please look here Sandblast agent for browser - file can not be downloaded, in the comments there is a suggestion that you are using both Threat Emulation and SandBlast Agent at the same time

Happy__
Collaborator
‎2018-08-10 05:34 AM
In response to _Val_

I already check it. But TE blade is disabled is GW and Error does not come every time, Customer faces it from some specific sites.

0 Kudos
Chinmaya_Naik
Advisor
‎2018-08-10 08:09 AM
In response to Happy__

As per the file that I see from screenshot that you share is basically download from a mail.

can you go to the “threadwiki.checkpoint.com” and try to download the dummy file and check whether it’s block by sandblast agent or not ?

when we see this kind of messages when you download from any trusted sites then just exclude the domain to avoid this kind of message.

Thanks

#Chinmaya Naik

0 Kudos
Happy__
Collaborator
‎2018-08-13 09:01 PM

Its a known limitation (one-time links) of SandBlast Browser, which is mentioned in sk108695.

When you click on a link to download a file, the browser extension detects this download attempt and stops it, then generate a new download request to the same URL, but this time the download should go through the extension and be inspected.

This can only happen if the URL stays the same, now when we have a one-time link (AKA dynamic links), this is randomly generated links which means that every download attempt gets its own unique URL.

When trying to download from a one-time link, the extension try's to download from the link that was generated at the first click, but this link is no longer valid and therefore we get this error of "Failed to download the file. Please try again only if you trust this site".

If you are sure the file is not malicious and you trust the website (in this case we are talking about an internal site so there shouldn't be any problem) you can simply exclude this IP address in the Threat Emulation policy.

What will happen the next time you click on the link? 
The extension will not inspect the file and it will be downloaded according to the fail open/close of the Threat Emulation policy.
Meaning - the file will be allowed/blocked according to what you configure in the policy if you configure the action "Allow" in Threat Emulation policy (When neither Emulation or Extraction are supported).

Gaurav_Pandya
Advisor
‎2022-03-09 10:03 AM
In response to Happy__

I have the same issue. Getting error "failed to download file.try again but only if you trust this site" from harmony. I have excluded domain from TE and other b;ades but now I am getting different error.

33,"category":"File bypass","action":"Error getting original file","label":"Error getting original file","customVar5Key":"file_extension","customVar5Val":"pptx"}
2022-03-09 9:34:00:742: LEVEL: INFO | MODULE: ANALITICS | SESSION: 38d2f692 | MESSAGE: "trackAction send" | PARAMS: {"id":2033,"category":"File stats","action":"Download file from web","label":"Error","value":67,"customVar5Key":"file_extension","customVar5Val":"pptx"}

0 Kudos
Charris_Lappas
Collaborator
‎2018-09-10 10:32 AM

Hi,

Check your policy for emulation on network level, if you have set it up to emulate files, then you have two systems trying to get access and  emulate the same file... Put an exclusion for the devices that you have SBA installed in your network policy.

Thanks,

Charris Lappas 

0 Kudos
Happy__
Collaborator
‎2018-09-10 10:18 PM
In response to Charris_Lappas

but TE and TEX blade is disabled is GW.

0 Kudos
Happy__
Collaborator
‎2018-09-10 10:19 PM

in GW

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events