Baggy
Participant

Error logs in Threat Emulation

An event occurred in which an error log in threat emulation was output and files could not be downloaded or uploaded.
Emulation is running on ThreatCloud.

In the log, the reason for the error is explained as follows:
Reason:Timeout was exceeded

I think one of the causes is that the emulation connection handling mode of Threat Emulation is set to Maximum Prevention in the Profile setting of the Threat Prevention Policy.

Do you know the main cause?

0 Kudos
13 Replies
the_rock
MVP Gold

Would you mind sending what you have configured under settings in SmartConsole (last tab on the left menu) for that blade? I will send a screenshot in a bit.

Andy

0 Kudos
the_rock
MVP Gold

This is what I was referring to.

Andy

0 Kudos
Baggy
Participant

@the_rock 
Thank you for your response.

Here is the screenshot. It is the default.
The fail-mode is set to fail-open.

スクリーンショット 2025-10-07 091410.png

0 Kudos
the_rock
MVP Gold

I selected the wrong tab; I meant to choose General... is it set to allow?

Andy

0 Kudos
Baggy
Participant

@the_rock 
Yes, Allow all connections (Fail-open).

In the profile, Maximum Prevention is set and the file cannot be downloaded until the file emulation is complete.
If this setting is set to Rapid Delivery, it improves, but I would like to know the cause of the error.

profile: スクリーンショット 2025-10-07 092841.png
failopen: スクリーンショット 2025-10-07 092637.png

the_rock
MVP Gold

See if the SK below helps.

https://support.checkpoint.com/results/sk/sk114806

If not, I would try changing to the background option and installing policy. If there is still no improvement, I would certainly open a TAC case.

Best,

Andy

0 Kudos
Baggy
Participant

@the_rock 

I know about this SK.

If I set Rapid Delivery, it will improve this.
The question is why the Timeout was exceeded error occurs.

0 Kudos
the_rock
MVP Gold

I have no clue, sorry. That's why I suggested a TAC case.

Andy

0 Kudos
Baggy
Participant

I am asking here because the TAC says they don't know.

0 Kudos
Baggy
Participant

I am asking here because the TAC says they don't know.

When I checked the result of tecli show cloud queue at the time of the event, it showed “Cloud Connectivity Problem” and confirmed that there were many files waiting for emulation (inspection) in the queue.

Does this mean that a connection problem with ThreatCloud caused the timeout?
However, some files could be downloaded and uploaded.
Please let me know what you find out.

------------------------
tecli show cloud queue
------------------------

|file's sha1 |file's event_id |file type |insert time |status
|----------------------------------------|----------------------------------------|----------|------------------|----------------------------------------------------------------------
|pdf |203 Minutes |Cloud Connectivity Problem, waiting to resend.
|pdf |197 Minutes |Cloud Connectivity Problem, waiting to resend.
|pdf |96 Minutes |Cloud Connectivity Problem, waiting to resend.
|pdf |94 Minutes |Cloud Connectivity Problem, waiting to resend.
|pdf |88 Minutes |Cloud Connectivity Problem, waiting to resend.
|pdf |85 Minutes |Cloud Connectivity Problem, waiting to resend.
|pdf |82 Minutes |Cloud Connectivity Problem, waiting to resend.
|pdf |81 Minutes |Cloud Connectivity Problem, waiting to resend.
|pdf |77 Minutes |Cloud Connectivity Problem, waiting to resend.
|pdf |75 Minutes |Cloud Connectivity Problem, waiting to resend.
|pdf |16 Minutes |Cloud Connectivity Problem, waiting to resend.
|pdf |7 Minutes |Cloud Connectivity Problem, waiting to resend.
|pdf |205 Minutes |Uploading to Cloud (resend).

0 Kudos
the_rock
MVP Gold

Hm, that's what it seems like, possibly a connectivity issue to ThreatCloud... why that would happen, I'm really not sure. Let's see if someone else may have an idea.

Any other relevant logs that you can send that might be a bit more helpful?

Andy

0 Kudos
Baggy
Participant

@the_rock 

I can't share the details because it is a customer's log, but the Firewall log also recorded an error with File exceeded size limit. However, we verified that if the following settings are set to 15MB and fail-open, files exceeding the size limit can be downloaded.

SmartConsole > Manage & Settings > Blades > Threat Prevention > Advanced Settings >
Threat Emulation > Emulation Limits > Maximum file size for emulation

The maximum processing time in queue is 720 minutes, so I don't think it will be a Fail-open download, but if the error is Timeout was exceeded due to a connection problem with ThreatCloud, why can't the file be downloaded in Fail-open?

0 Kudos
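
Added example (not part of any post in this thread and not Check Point code): a small parser for saved `tecli show cloud queue` output in the layout posted above. It counts entries by status and compares the oldest wait with the 720-minute queue limit mentioned in the thread. The sample rows, the placeholder hash and event-id values, and the 60-minute alert threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout shown in the thread. Hash and event-id
# values are placeholders; the last two rows omit them, as in the post.
SAMPLE = """\
|file's sha1 |file's event_id |file type |insert time |status
|------------|----------------|----------|------------|--------
|<sha1-placeholder-1> |<event-id-1> |pdf |203 Minutes |Cloud Connectivity Problem, waiting to resend.
|<sha1-placeholder-2> |<event-id-2> |pdf |16 Minutes |Cloud Connectivity Problem, waiting to resend.
|pdf |7 Minutes |Cloud Connectivity Problem, waiting to resend.
|pdf |205 Minutes |Uploading to Cloud (resend).
"""

AGE_RE = re.compile(r"^(\d+)\s+Minutes?$", re.IGNORECASE)

def parse_queue(text):
    """Return (file_type, age_minutes, status) for every data row."""
    rows = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.strip().strip("|").split("|")]
        if len(fields) < 3:
            continue
        # The last three columns are type, insert time and status, whether
        # or not the hash and event-id columns are present.
        ftype, age, status = fields[-3:]
        match = AGE_RE.match(age)
        if not match:
            continue  # header, separator or unrecognised row
        rows.append((ftype, int(match.group(1)), status))
    return rows

def summarize(rows, max_queue_minutes=720, alert_after_minutes=60):
    """max_queue_minutes is the figure quoted in the thread;
    alert_after_minutes is a hypothetical monitoring threshold."""
    stuck = [age for _, age, status in rows
             if "connectivity problem" in status.lower()]
    oldest = max((age for _, age, _ in rows), default=0)
    return {
        "total": len(rows),
        "by_status": dict(Counter(status for _, _, status in rows)),
        "stuck": len(stuck),
        "oldest_minutes": oldest,
        "minutes_until_limit": max_queue_minutes - oldest,
        "alert": any(age >= alert_after_minutes for age in stuck),
    }

if __name__ == "__main__":
    print(summarize(parse_queue(SAMPLE)))
```

Sampling the queue at intervals and correlating the "stuck" count with the timestamps of the "Timeout was exceeded" log entries shows whether the timeouts coincide with ThreatCloud connectivity loss.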
the_rock
MVP Gold

Well, here is the way I look at it. If you are saying TAC could not help, the more we get here, the better the chances that we can try to solve it. I get that you might not be allowed to send certain things, but if you blur out any sensitive data from the log entry, that would help big time.

Best,

Andy

0 Kudos
