Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Alexander_Simon
Explorer

Where am i view block attachment Theat Emelation and download blocked files.

Where am i view block attachment Theat Emelation and download blocked files?

I am usage Next Generation SMS R 80.10

0 Kudos
6 Replies
Shehan_Wickrama
Collaborator

Hi Simonov,

You can view the files from logs for Threat Emulation and you can view the stats from Monitor Pane as well.

Monitor Pane Checkpoint

Checkpoint Threat Emulation File view- Shehan

Hope this helps.

0 Kudos
Alexander_Simon
Explorer

I want download blocked attachment.

0 Kudos
Shehan_Wickrama
Collaborator

Hi,

You can white list the file

To configure files on the Threat Prevention Whitelist:

  1. In R80 SmartConsole, click Security Policies > Threat Prevention > Policy > Threat Tools > Whitelist Files.
  2. Click New.

    The Whitelist File window opens.

  3. Enter the Object Name and MD5 signature for the new file exception.

    Note - To edit or remove Whitelist files, right-click the file and select the applicable option.

  4. Click OK.
  5. Install the Threat Prevention policy.
0 Kudos
_Val_
Admin
Admin

He needs to get access to the files that were blocked after emulation, so the answer is in a different comment.

0 Kudos
Shehan_Wickrama
Collaborator

Great and thanks for helping

_Val_
Admin
Admin

Hi Alexander Simonov, emulated files are stored on your TE appliance, not on your SMS, in the following folder: /var/log/mal_files/, in case you are using local emulation. The information you were looking for is in the ATRG: Threat Emulation document.

Feel free to let me know if you were looking for something else.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events