This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
BB-MDK
Participant
‎2021-10-07 04:59 AM

Thread Emulation - get prevented file from Threat Cloud?

Hey guys,

is it possible to get a file from Check Point Threat Cloud which has been prevented by TE?

Maybe something similar to the CLI command "scrub send_orig_file"?

Or is it only possible to create an exception and let the file be sent again?

 

Thanks and Kind Regards

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2021-10-09 09:42 PM

I believe scrub send_orig_file will still work even when emulation is done in the cloud as the file should be stored on the gateway that preventing it.

0 Kudos
BB-MDK
Participant
‎2021-10-10 11:25 PM
In response to PhoneBoy

Hi PhoneBoy,

thanks for your comment. I only have one log entry about the block event and it's the thread emulation blade. In the log I don't have a field with file-id...

0 Kudos
PhoneBoy
Admin
Admin
‎2021-10-10 11:46 PM
In response to BB-MDK

Can you provide a log card?
Redact any sensitive details of course.

0 Kudos
BB-MDK
Participant
‎2021-10-10 11:54 PM
In response to PhoneBoy

Sure - there you go

te.jpg

 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-10-11 12:04 AM
In response to BB-MDK

I wonder if you can see the fileid in /var/log/maillog 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events