My colleagues are usnig a webiste which deals with researching subjects. Every day, colleagues have to download a couple of documents in pdf format from that website. Nothing special: pdf-s are approximately up to 5 MB in size and contain various PowerPoint presentations.
However, the problem is the following:
Each time, the same document is subject to emulation - even though it was previously emulated. So, every time a new MD5 / SHA1 is created for the pdf, which causes colleagues to wait unnecessarily. (for every document from that web site)
With other web-sites, this is not the case. ThreatEmulation works correctly, and when a document is downloaded, it remains in the cache and the same MD5 remains written for it (for a certain time as configured).
Do you have experience with this problem?
Please note that we do not have any other options set for this specific website, and no exceptions. They are subject to the inspection and profile we use for other websites.
Thanks in advance!