This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
BB-MDK
Participant
‎2021-10-07 04:59 AM

Thread Emulation - get prevented file from Threat Cloud?

Hey guys,

is it possible to get a file from Check Point Threat Cloud which has been prevented by TE?

Maybe something similar to the CLI command "scrub send_orig_file"?

Or is it only possible to create an exception and let the file be sent again?

 

Thanks and Kind Regards

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2021-10-09 09:42 PM

I believe scrub send_orig_file will still work even when emulation is done in the cloud as the file should be stored on the gateway that preventing it.

0 Kudos
BB-MDK
Participant
‎2021-10-10 11:25 PM
In response to PhoneBoy

Hi PhoneBoy,

thanks for your comment. I only have one log entry about the block event and it's the thread emulation blade. In the log I don't have a field with file-id...

0 Kudos
PhoneBoy
Admin
Admin
‎2021-10-10 11:46 PM
In response to BB-MDK

Can you provide a log card?
Redact any sensitive details of course.

0 Kudos
BB-MDK
Participant
‎2021-10-10 11:54 PM
In response to PhoneBoy

Sure - there you go

te.jpg

 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-10-11 12:04 AM
In response to BB-MDK

I wonder if you can see the fileid in /var/log/maillog 

0 Kudos