AnsweredAssumed Answered

Sandblast TE250X on premises engine Release  6.9/55.990001702 not available

Question asked by Antoine Nucera on Oct 3, 2017
Latest reply on Oct 4, 2017 by Dameon Welch-Abernathy

As per sk95235 engine Release  6.9/55.990001702 is available since 26 Sep 2017 and for  Deployment: 26/09-10/10.

My TE250X engine remain is version in 6.8.2/54.990001557.

 

What does mean Deployment: 26/09-10/10 ? The engine availability for Customer using threat emulation in the cloud ? When will the latest version be available for on premises ? I have an open case at checkpoint but it seems difficult for them to answer this simple question.

 

Why this question ? Simply because I have a zip that contains a malicious javascript. In the Checkpoint Cloud this java script is detected as malicious (i use this link to test https://threatemulation.checkpoint.com/teb/upload.jsp) but it is not on my Te250X on premises when i download it on http with a browser.
The sk106123 specifies the File types supported by SandBlast Threat Emulation and that for .js / .js : these files are supported when arriving in archive as email attachment only. The protection is for the use of the files.
I can understand that for http feeds it is not possible to analyze javascript loaded by html pages without generating a high latency for users as far as most pages contain javascript.
But when javascript is in a zip it should be. No ?
So my problem is related to the version of the engine or to this specific case? In this case why this difference between the cloud and the version on premise?

Thanks

 

Outcomes