Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Happy__
Collaborator

Error:-failed to download file.try again but only if you trust this site

failed to download file.try again but only if you trust this site

8 Replies
_Val_
Admin
Admin

Please look here Sandblast agent for browser - file can not be downloaded, in the comments there is a suggestion that you are using both Threat Emulation and SandBlast Agent at the same time

Happy__
Collaborator

I already check it. But TE blade is disabled is GW and Error does not come every time, Customer faces it from some specific sites.

0 Kudos
Chinmaya_Naik
Advisor

As per the file that I see from screenshot that you share is basically download from a mail.

can you go to the “threadwiki.checkpoint.com” and try to download the dummy file and check whether it’s block by sandblast agent or not ?

when we see this kind of messages when you download from any trusted sites then just exclude the domain to avoid this kind of message.

Thanks

#Chinmaya Naik

0 Kudos
Happy__
Collaborator

Its a known limitation (one-time links) of SandBlast Browser, which is mentioned in sk108695.

When you click on a link to download a file, the browser extension detects this download attempt and stops it, then generate a new download request to the same URL, but this time the download should go through the extension and be inspected.

This can only happen if the URL stays the same, now when we have a one-time link (AKA dynamic links), this is randomly generated links which means that every download attempt gets its own unique URL.

When trying to download from a one-time link, the extension try's to download from the link that was generated at the first click, but this link is no longer valid and therefore we get this error of "Failed to download the file. Please try again only if you trust this site".

If you are sure the file is not malicious and you trust the website (in this case we are talking about an internal site so there shouldn't be any problem) you can simply exclude this IP address in the Threat Emulation policy.

What will happen the next time you click on the link? 
The extension will not inspect the file and it will be downloaded according to the fail open/close of the Threat Emulation policy.
Meaning - the file will be allowed/blocked according to what you configure in the policy if you configure the action "Allow" in Threat Emulation policy (When neither Emulation or Extraction are supported).

Gaurav_Pandya
Advisor

I have the same issue. Getting error "failed to download file.try again but only if you trust this site" from harmony. I have excluded domain from TE and other b;ades but now I am getting different error.

33,"category":"File bypass","action":"Error getting original file","label":"Error getting original file","customVar5Key":"file_extension","customVar5Val":"pptx"}
2022-03-09 9:34:00:742: LEVEL: INFO | MODULE: ANALITICS | SESSION: 38d2f692 | MESSAGE: "trackAction send" | PARAMS: {"id":2033,"category":"File stats","action":"Download file from web","label":"Error","value":67,"customVar5Key":"file_extension","customVar5Val":"pptx"}

0 Kudos
Charris_Lappas
Collaborator

Hi,

Check your policy for emulation on network level, if you have set it up to emulate files, then you have two systems trying to get access and  emulate the same file... Put an exclusion for the devices that you have SBA installed in your network policy.

Thanks,

Charris Lappas 

0 Kudos
Happy__
Collaborator

but TE and TEX blade is disabled is GW.

0 Kudos
Happy__
Collaborator

in GW

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events