Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Filip_Wennerhul
Participant

sandblast emulation optimzation

Hi,

Is there a way to optimize Sandblast emulation for a single file when not in queue on a remote appliance? Like only emulate files once even if its not in queue or run both emulations paralell.

Right now we have a Checkpoint GW and TE appliance. Without queue it takes around 2.5 minutes to get a file (500Kb docx, with macro), which causes the server to timeout. Around 30 seconds to get to the appliance, then 60 seconds for first emulation than 60 seconds for second emulation. 

 

Ive checked through the sandblast SKs first i can no longer find any info on how many times TE emulates files, not even in the atrg. I could have sworn I've seen it before where it says it emulates it once together with others than it emulates it again in its own VM and then it emulates it again if its found malicious on the second emulation. right now i cant find that info at all.

 

So is there something that can minimize emulations or some other advanced attributes that can speed up the emulations?

 

Regards

 

0 Kudos
4 Replies
This widget could not be displayed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events