Filip_Wennerhul
Participant

Threat emulation log Detect

Hi, we have seen an issue with a file being allowed through Threat Emulation as detect instead of prevent at a customer. We have looked over the SKs but can't seem to find one that is applicable, except maybe a timeout issue to the ted daemon we found in an SK.

 

We have background mode in Anti-Virus/Anti-Bot under Manage settings/Threat Prevention settings, but at the profile for Threat Emulation we have hold. Can this mismatch cause an issue? We thought Threat Emulation would always hold, but can it be affected by having background on Anti-Virus?

 

Here are the logs of TE on the GW and TE appliance, as well as Anti-Virus. Anti-Virus is set to background, so it gets detect correctly. But emulation is hold, and it also just says detect without a reason.

 

[Attached screenshots: TECONF.PNG, AVdetect.PNG, TedetectGW.PNG, TEdetect.PNG]

We found something regarding a timeout value for ted in an SK and it might be the case; the logs had been rotated out when we saw the issue, so we can't inspect further. We are wondering if this mismatch can cause this issue, or if it must be the timeout issue to the ted daemon, or if it can be something else.

 

 
