Hi. The file itself is not stored in the cache. Just the hash. And how long the hash is stored.... dunno. Believe you can modify the number of file hashes to save in local cache, if I don't remember wrong.
optimize emulation and give better network performance
That means, if a file hash is already stored in the cache, when a file with the same hash arrives in an email attachment or to be downloaded from web, there is no need to send it to the te for full Emulation again.
This reduces network traffic to a local sandblast appliance or checkpoint cloud. And if it has not to be emulated again, emulation is optimized.
But if is not necessary emulate this file again, I suppose that the this file (after extraction) was store when it was emulated.
Not the file itself, just the file hash.
So, is ready to send to user when the Sandblast receive its hash again.
The gateway detects a file, calculates the hash and compares it with ist file hash cache. If it's a known hash, the file is passed or dropped according to the last scan/emulation result. The sandblast will not be involved again.
"Sandblast" may be located on the gateway itself (emulate locally), in the cloud or on a local, separate device.
Or the "optimization" is valid only for the files that is not necessary to emulate again because are "clean" without extraction?
Not just the clean ones. When a file "arrives" at the Gateways which has a hash which is stored in the cache and already being classified as malicious, it will be immediately be dropped, i assume.
If i am wrong, Checkpoint staff and CheckMates, please correct me, thanks 
Cheers
Vincent
Hi
I'm looking in the Threat Extraction configuration.
I can see that in the section "Resource Allocation" there is:
"Delete stored original files older than ..."
Which kind of file are considered in this option?
Thanks
Please see attach image
Hi, thanks for your answers.
I’m looking this document:
Day2-01-SandBlast training-SandBlast Local emulation-v1.0.pdf
On page 39 I can see:
I suppose that the default time to live that files are stored in the cache is 7 days.
But in the previously image that I attached before I can see default value is 14 days.
--> "Delete stored original files older than ..."
Are these different kind of files?
Is there only one cache for all the VM images or one cache for all VM image?
Thanks
| User | Count |
|---|---|
| 24 | |
| 22 | |
| 19 | |
| 12 | |
| 10 | |
| 9 | |
| 7 | |
| 6 | |
| 6 | |
| 5 |
Mon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 10:00 AM (CET)
EMEA Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cyber Security: What’s New in Check Point’s Quantum R82Tue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopTue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsMon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 10:00 AM (CET)
EMEA Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cyber Security: What’s New in Check Point’s Quantum R82Tue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
