AnsweredAssumed Answered

Endpoint threat extraction and emulation issue with temp directory

Question asked by Katelyn Eubanks on Nov 8, 2018
Latest reply on Nov 13, 2018 by Katelyn Eubanks

Hello,

We have two programs that sandblast threat extraction and emulation blade seems to be interfering with certain functions. For instance, when using one of these two programs the end user wants to generate a report and download as a .pdf. When initiated it seems the program attempts to start creating the .pdf and then never actually created the .pdf document. We have tested with shutting off blades and determined that it has to do with two things: First is that the endpoint keeps hold of the temp directory so that users cannot access within another program because it will state that the program is already being used by another program, i.e Word, Adobe. The second issue is that we have to turn off emulate files written to the file system and then it will generate the .pdf documents and print just fine. Has anyone else ever experience this? We have whitelisted both programs and processes that seem to run and it makes no difference. Checkpoints solution was to shut off the emulate part but that is a vital part of the endpoint client. Server R77.30, endpoint 80.85.

Outcomes