Hello,
Thank you for your reply, I made a mistake on the icap url...I wrote "sanblast" instead of "sandblast".
But I don't understand how it's work...
I' m checking the checkpoint ICAP server on my lab and if I upload a eicar document, the checkpoint accept the eicar file.
I configured a ICAP profil ont the threat prevention layer with this options.
- If the threat emulation is activate ont the ICAP profil, the eicar test file is accept by checkpoint
-If I the threat emulation is not activate on the ICAP profil the eicar test document is prevent by the anti-virus blade as shown as the attached picture.
I don't underand how it's works..
If someone can explain me the difference ?
Regards,
Miguel