cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Threat Emulation & Extraction Protocol Error 402

I can't seem to find any information on this error online performing Google searches, so my apologies if this has been asked before.

A user of ours is getting this error every time he opens or creates a new project in DriveWorks:

t[121118T120721.695]p[1470:12]l[Error]s[Engine]: Can't emulate image (sha1 '86f9692d8b8f5b88734520a01ff829a2dc14c15c' path 'C:\Users\xxxx\AppData\Local\Temp\DW\Shared\DSGR 2018-11-12 12-07-19.driveprojx') because of: 'ProtocolError' 'The remote server returned an error: (402) Payment Required.'

Anyone know what that means?  We're running R77.30.03 infrastructure with Check Point Endpoint Protection E80.83 installed using blades: MEPP, Anti-Ransomware, Anti-Bot, Threat Extraction & Emulation, Compliance, URLF, FW, App Control, & VPN.  Since this software will be used by many after initial testing, I will need to make sure this doesn't happen to everyone.

Please don't tell me this is the obvious and someone hasn't paid the bill. 

Charlie Dobson 

10 Replies

Re: Threat Emulation & Extraction Protocol Error 402

How is TE in the cloud licensed ? On a GW, cpstat threat-emulation -f contract and tecli s c q will show the current quota, but with EPSS maybe a cplic print is enough ?

Re: Threat Emulation & Extraction Protocol Error 402

When I run the cpstat threat-emulation -f contact, all I see are dashes:

TE Contract Name:                          -
TE Subscription Expire Date:               -
TE Cloud Hourly Quota:                     -
TE Cloud Monthly Quota:                    -
TE Cloud Remaining Quota:                  -
TE Maximal VMs Number:                     -
TE Subscription Status:                    -
TE Cloud Quota Status:                     -
TE Subscription Description:               -
TE Cloud Quota Description:                -
TE Cloud Quota Identifier:                 -
TE Cloud Monthly Quota Period Start:       -
TE Cloud Monthly Quota Period End:         -
TE Cloud Monthly Quota Usage for This GW:  -
TE Cloud Hourly Quota Usage for this GW:   -
TE Cloud Monthly Quota Usage for Quota ID: -
TE Cloud Hourly Quota Usage for Quota ID:  -
TE Cloud Monthly Quota Exceeded:           -
TE Cloud Hourly Quota Exceeded:            -
TE Cloud Last Quota Update GMT Time:       -

cplic print shows that our CPSB-EBP-TE (Threat Extraction) expires on March 15, 2019.  So it appears our subscription is still valid.

Thank you for showing me that.  Any other ideas as to what could be causing this error?

0 Kudos

Re: Threat Emulation & Extraction Protocol Error 402

I did already write that cpstat  may not be the correct command for EPSS !  CPSB-EBP-TE is a rather old license (3-4 years old) that has a certain quota that can be shown using the CK of the license.

0 Kudos

Re: Threat Emulation & Extraction Protocol Error 402

Dumb question: Is the CK of the license safe to post here?

0 Kudos

Re: Threat Emulation & Extraction Protocol Error 402

As it is only the certificate key, but not the license itself, i would see no risk as nobody else has access to the license. But there is another possibilty: You can open an Account Services ticket in UserCenter (that is possible for everyone) and ask them to check the licence(s) for you...

0 Kudos

Re: Threat Emulation & Extraction Protocol Error 402

Thanks, I wasn't sure.  The CK is  CK-00-1C-7F-30-D4-A2

0 Kudos

Re: Threat Emulation & Extraction Protocol Error 402

The CK is a 4807 without TE license. But customer has a 3100 with SandBlast and Endpoint Complete including SandBlast Agent for a year. And after all, he has direct premium support, so you could contact TAC immediately...

Re: Threat Emulation & Extraction Protocol Error 402

In UserCenter, there is a report for SandBlast Cloud Quota Usage - go to Product Center > Blades Tab - Threat Emulation Cloud Report !

0 Kudos

Re: Threat Emulation & Extraction Protocol Error 402

I don't seem to have a Cloud Report listed after clicking on Threat Emulation.  However, I do see this:

It seems I have inherited a licensing mess from the previous Admin.  I can't tell from the image if I'm licensed for Threat Extraction or if it expired.  Clicking on the non-expired Enterprise Based Protection link, it lists all my gateway devices, so I assume the license is still valid?

If I click on SandBlast Service Report, I see this:

Which suggests I have a capacity of half a million uploads?

0 Kudos

Re: Threat Emulation & Extraction Protocol Error 402

Just ask AccountServices !