Create a Post
Showing results for 
Search instead for 
Did you mean: 

Threat emulation log Detect

Hi we have seen an issue with a file being allowed through threat emulation as detect instead of prevent at a customer. We have looked over the SKs but cant seem to find one that is applicable except maybe a timeout issue to ted daemon we found in an SK. 


We have background mode in Anti virus/anti-bot under Manage settings/threat prevention settings but at the profile for threat emulation we have hold. Can this mismatch cause an issue? We thought Threat emulation would always hold but can it be affected by having background on antivirus?


Here is the logs of TE on the GW and TEAppliance aswell as antivirus. Anti virus is set to background so it gets detect correctly. But emulation is hold, it also just says detect without a reason.



We found something regarding a timeout value for ted in an sk and it might be the case, the logs had been rotated out when we saw the issue so cant inspect further. We are wondering if this mismatch can cause this issue or if it must be the timeout issue to ted daemon or if it can be something else.



0 Kudos
3 Replies

You can go into the Threat Prevention settings and check what your emulation size and timeout limits are:



If you are using Cloud Emulation, you can use the command tecli show cloud queue to see if things are getting stuck in queues for long periods. If you are doing Threat Emulation with an on-prem appliance, I believe the command is tecli show remote queue from the Gateway enforcing the TE policy.


Can you expand the Threat Emulation dropdown from the 1st screen shot and show us how TE is configured in this policy?


0 Kudos



This is it. The size is below the time i cant say, but generally when these limits are hit it says so in the log file "maximum size/time limit exceeded".


0 Kudos

Hi there,

Is there any solution for this issue?

Many thanks

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events