This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Premysl_Vresky
Contributor
‎2018-02-20 02:48 AM

Sandblast agent for browser - file can not be downloaded

Translation to English:

Failed to download file. Please try again only if you believe this page

 


What exactly does this state mean?
What situation can happen?

6 Replies
Premysl_Vresky
Contributor
‎2018-02-20 02:50 AM

maybe I should put it in another category?
SandBlast Agent (Endpoint)

if so please move. Thanks

0 Kudos
Premysl_Vresky
Contributor
‎2018-03-01 04:47 AM

I attach info from the support, maybe someone will help

This is the way how the product works by default:

1.You click on the file to download it and the download procedure (triggered by browser) should be started.
2.But since we have SBA extension it catches and stops this download and goes to a link to get it
3.If it is one-time link the agent cannot get the file from the same link and you are getting the error message "Could not download the file. If you trust the web page try it again"
4.Then, if you try to download the same file again (meaning click on it), then according to the previous error message you will be able to get the file, because SBA will not inspect the same URL again.
5.Another option, if you do not want to get this error message all the time and trust the website, you can just exclude it from scanning.


Hope it explains the SBA extension work.

Aaron_Vivadelli
Contributor
Contributor
‎2018-05-23 07:45 AM
In response to Premysl_Vresky

I'm getting this error too, but I've only noticed it when trying to test Sandblast Agent using the https://threatwiki.checkpoint.com site with the "Test Threat Emulation" link.

It's not making sense to me.  I'm not sure why Sandblast Agent cannot analyze this file.  Anyone else have any input?

0 Kudos
Charris_Lappas
Collaborator
‎2018-05-23 10:45 AM

This I believe happens when you have both SandBlast Agent and Gateway Threat Emulation at the same time. When you click on a link, the gateway attempts to emulate the file and at the same time the SBA (Browser extension) tries to access it but is locked until the Gateway get a verdict. You have two systems fighting to analyse the same file.

An additional issue is with downloading files from computer without the SBA agent. The behaviour is different each time since the browser is trying to download the file but the download pauses. The Internet Browser cannot download the file and you get these errors.

CP should provide a solution since the behaviour even though technically is totally correct, the end user experience is problematic and creates a lot of calls to the service desk.  

Additionally a clear policy should be adviced by CP in cases that you have SandBlast Agent installed on some computers, Gateway Threat Emulation and computers without the SandBlast Agent.

Thanks,

Charris Lappas

Aaron_Vivadelli
Contributor
Contributor
‎2018-05-23 07:44 PM
In response to Charris_Lappas

Thanks for your response Charris.  This kind of make sense because my customer is using Sandblast on their perimeter gateway as well, but I had them connect to an external connection and they are seeing the same thing.  I also installed Sandblast Agent for Browsers in Chrome on my machine (which doesn't have an Endpoint Client) using a trial license and I get the same thing.

This might be something else, but I also noticed that when downloading small zip and exe files (possibly others too), it says it's emulating the file but then comes back a few minutes later saying it failed.  If I test with a PDF file, it emulates that properly.

I was almost wondering if there is some type of limitation when using a trial license.

0 Kudos
Charris_Lappas
Collaborator
‎2018-05-23 09:36 PM
In response to Aaron_Vivadelli

Just to clarify, when I was referring to the SBA agent I was including the Agent for Browsers as well. If you have setup Threat Emulation on gateway you and not agent on the PC you will get errors when downloading files from the Internet especially from IE. This is because TE blocks the connection until the file is analysed. During this time the browsers considers this a broken download link. I'm expecting CP to create a mechanism to send some bytes of data in order to foul the Browser.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events