Translation to English:
Failed to download file. Please try again only if you believe this page
What exactly does this state mean? What situation can happen?
maybe I should put it in another category?SandBlast Agent (Endpoint)
if so please move. Thanks
I attach info from the support, maybe someone will help
This is the way how the product works by default:
1.You click on the file to download it and the download procedure (triggered by browser) should be started. 2.But since we have SBA extension it catches and stops this download and goes to a link to get it 3.If it is one-time link the agent cannot get the file from the same link and you are getting the error message "Could not download the file. If you trust the web page try it again" 4.Then, if you try to download the same file again (meaning click on it), then according to the previous error message you will be able to get the file, because SBA will not inspect the same URL again. 5.Another option, if you do not want to get this error message all the time and trust the website, you can just exclude it from scanning.
Hope it explains the SBA extension work.
I'm getting this error too, but I've only noticed it when trying to test Sandblast Agent using the https://threatwiki.checkpoint.com site with the "Test Threat Emulation" link.
It's not making sense to me. I'm not sure why Sandblast Agent cannot analyze this file. Anyone else have any input?
This I believe happens when you have both SandBlast Agent and Gateway Threat Emulation at the same time. When you click on a link, the gateway attempts to emulate the file and at the same time the SBA (Browser extension) tries to access it but is locked until the Gateway get a verdict. You have two systems fighting to analyse the same file.
An additional issue is with downloading files from computer without the SBA agent. The behaviour is different each time since the browser is trying to download the file but the download pauses. The Internet Browser cannot download the file and you get these errors.
CP should provide a solution since the behaviour even though technically is totally correct, the end user experience is problematic and creates a lot of calls to the service desk.
Additionally a clear policy should be adviced by CP in cases that you have SandBlast Agent installed on some computers, Gateway Threat Emulation and computers without the SandBlast Agent.
Thanks for your response Charris. This kind of make sense because my customer is using Sandblast on their perimeter gateway as well, but I had them connect to an external connection and they are seeing the same thing. I also installed Sandblast Agent for Browsers in Chrome on my machine (which doesn't have an Endpoint Client) using a trial license and I get the same thing.
This might be something else, but I also noticed that when downloading small zip and exe files (possibly others too), it says it's emulating the file but then comes back a few minutes later saying it failed. If I test with a PDF file, it emulates that properly.
I was almost wondering if there is some type of limitation when using a trial license.
Just to clarify, when I was referring to the SBA agent I was including the Agent for Browsers as well. If you have setup Threat Emulation on gateway you and not agent on the PC you will get errors when downloading files from the Internet especially from IE. This is because TE blocks the connection until the file is analysed. During this time the browsers considers this a broken download link. I'm expecting CP to create a mechanism to send some bytes of data in order to foul the Browser.
Retrieving data ...