This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
N-eight
Explorer
a month ago

Files downloaded Renamed Incorrectly After Download

Hello, Everyone
I’m encountering an issue where files downloaded from an internal web are renamed to a random string format (e.g., 1c17f30-76b8-42d0-82ed-02c279f11d7) instead of keeping their original filenames.
 
Details:
- Endpoint Version: 88.32.2003.
- This happens inconsistently on specific endpoints and files.
- Likely caused by settings in Threat Extraction or Threat Emulation, or possibly the internal web system.
 

File Details:

- The files are in PDF format.
- They can be opened without any issues.
- The content within the files remains unchanged.
- Only the file name is altered.

about issue file rename.jpg

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Steps Tried:
- Added the internal web domain to Exclusions under Threat Emulation, Extraction, and Zero Phishing Exclusions.
- Verified file handling settings on the internal web system.
 
Question:
- How can I configure Harmony Endpoint to ensure files retain their original names without being renamed during the download process?
 
Thank you!
0 Kudos
2 Replies
Chris_Atkinson
Employee Employee
Employee
a month ago

Please contact TAC to investigate this issue.

Refer also: https://community.checkpoint.com/t5/Endpoint/Files-downloaded-Renamed-to-SHA1-Hash-After-Download/m-...

CCSM R77/R80/ELITE
0 Kudos
CheckMatesAI
Bot
a month ago

This answer is provided by Infinity AI Copilot and should be confirmed by reviewing official documentation in Support Center.

To configure Harmony Endpoint to ensure that files retain their original names during the download process, you can adjust the settings for Threat Extraction and Threat Emulation. Here are the steps you can follow:

  1. Access Advanced Settings:

    • Navigate to Advanced Settings > Download Protection.

  2. Override Default File Actions:

    • Go to Override default file actions (download).
    • In the Supported Files section, click Edit.
    • Select the File action and Extraction Mode that allows the original file name to be retained.
    • Click OK.

  3. Adjust Threat Emulation and Extraction Settings:

    • In a Harmony Endpoint Threat Extraction and Threat Emulation rule, right-click the Web Download Protection Action and select Edit Shared Action.
    • Choose Emulate original file without suspending access to allow users to download and access the file while it is tested.
    • Ensure that the Allow Download option is selected to bypass emulation or extraction, which might be altering the file names.

  4. Check Unsupported Files Settings:

    • For unsupported file types, ensure that the Download action is set to Allow to prevent any renaming.

  5. Review Exclusions:

    • Since you've already added the internal web domain to exclusions, ensure these settings are correctly applied under Threat Emulation, Extraction, and Zero Phishing Exclusions.

By following these steps, you should be able to configure Harmony Endpoint to maintain the original file names during downloads. If the issue persists, consider reaching out to Check Point Support for further assistance. For more detailed guidance, you can refer to the Harmony Endpoint Administration Guide.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events