earomero
Participant

Speed up sandbox download

Good morning, greetings from Argentina!


Emulating downloads in the Checkpoint sandbox (Chrome extension) takes forever. A 1MB file takes about 3 minutes. It's an eternity.

I have v88.61 installed on the endpoints, and the configuration I apply is as follows:

[Image: my current configuration]

I'd like to know if the sandboxing process can be sped up.

Thank you very much, best regards!

6 Replies
Chris_Atkinson
Employee

This is partly the use case for why Threat Extraction or CDR exists.

End users receive sanitised documents whilst emulation occurs in the background.

CCSM R77/R80/ELITE
earomero
Participant

Thanks for your response.
The download is suspended until emulation is complete. The user receives the download after emulation, not before.
The problem is that this emulation takes a long time. What parameters can be configured to speed up the emulation process?
Regards!

PhoneBoy
Admin

Beyond the file itself, there are no parameters that influence the speed of the emulation process.
Three minutes is pretty typical for that.

earomero
Participant

Hello, greetings from Argentina again!

The problem is that .xlsx, .docx, .pdf, and .jpg files are taking forever, and my organization's users are losing patience. I can't understand how a 3MB file takes around 4 minutes; it's an eternity in the age of IT.

Considering that the premise of my cybersecurity department is: "absolutely every download goes through sandboxing," what is recommended to speed up the emulation process?

I'll run the configuration again:

sandboxing.png

 Best regards!

PhoneBoy
Admin

I assume, given what we do with Threat Emulation, the emulation is as quick as is practical.
This includes acting on the document in the same ways an end user might.

We provide the "Get extracted copy before emulation completes" (i.e. Threat Extraction) option, which gives the end user a safe file immediately that does not include potentially unsafe/malicious elements (e.g. scripts in MS Office docs).
Once the file is emulated, if the end user needs the original, and we have not found any threats via emulation, the end user can get it.
In practice, I've only had to get the original file a handful of times over the past ~10 years. 

Chris_Atkinson
Employee

Again talking generally, sandbox location local/remote/cloud and connectivity to it obviously can be a factor.

See also - https://support.checkpoint.com/results/sk/sk109833

Out of interest, is there a reason you prefer to not leverage extraction here?

CCSM R77/R80/ELITE
