How can I prevent malicious files from being written to the file system using a Threat Emulation blade of SandBlast Agent? In policies, I can only specify whether to emulate these files or not.
Files have to be downloaded in order to be sent to Cloud or Local Emulation.
I know that SandBlast Agent for Browsers has a control as to whether the files are kept afterwords or not: Where does Threat Extraction SandBlast Agent for Browsers save original files
As Dameon wrote, Threat Extraction & Threat Emulation in the SBA browser extension will prevent the malicious files from getting to the disk.
SBA browser extension is an integral part of the Sandblast Agent installation you have.
Retrieving data ...