Please look here: "Sandblast agent for browser - file can not be downloaded". In the comments there is a suggestion that you are using both Threat Emulation and SandBlast Agent at the same time.
I already checked it. But the TE blade is disabled on the GW and the error does not come every time; the customer faces it from some specific sites.
The file that I see in the screenshot that you shared is basically downloaded from a mail.
Can you go to “threadwiki.checkpoint.com”, try to download the dummy file, and check whether it’s blocked by SandBlast Agent or not?
When we see this kind of message when you download from any trusted site, then just exclude the domain to avoid this kind of message.
It's a known limitation (one-time links) of SandBlast Browser, which is mentioned in sk108695.
When you click on a link to download a file, the browser extension detects this download attempt and stops it, then generates a new download request to the same URL, but this time the download should go through the extension and be inspected. This can only happen if the URL stays the same.

Now, when we have a one-time link (AKA dynamic link), this is a randomly generated link, which means that every download attempt gets its own unique URL. When trying to download from a one-time link, the extension tries to download from the link that was generated at the first click, but this link is no longer valid, and therefore we get this error: "Failed to download the file. Please try again only if you trust this site".

If you are sure the file is not malicious and you trust the website (in this case we are talking about an internal site, so there shouldn't be any problem), you can simply exclude this IP address in the Threat Emulation policy.

What will happen the next time you click on the link? The extension will not inspect the file and it will be downloaded according to the fail open/close of the Threat Emulation policy. Meaning: the file will be allowed/blocked according to what you configure in the policy, if you configure the action "Allow" in Threat Emulation policy (when neither Emulation nor Extraction is supported).
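The stop-and-re-request flow described in the post above can be reproduced with a small model. This is an added example, not part of the thread and not Check Point code; the `DownloadSite` class, the URL paths, the 410 status and the rule that a one-time link is consumed by its first request are all assumptions made for illustration.

```python
import secrets

class DownloadSite:
    """Constructed stand-in for a web server that offers static and one-time links."""
    def __init__(self):
        self.static = {"/files/report.pdf": b"static-bytes"}   # constructed sample file
        self.one_time = {}             # one-time URL -> payload, valid for a single GET

    def issue_one_time_link(self, payload):
        url = "/dl/" + secrets.token_hex(8)     # fresh random URL per download attempt
        self.one_time[url] = payload
        return url

    def get(self, url):
        if url in self.static:
            return 200, self.static[url]
        if url in self.one_time:
            return 200, self.one_time.pop(url)  # assumption: first request consumes the link
        return 410, b""                         # link already used or never issued

ERROR = "Failed to download the file. Please try again only if you trust this site"

def download_via_extension(site, url, inspect):
    """Model of the flow in the post: stop the browser's download, re-request the same URL."""
    site.get(url)                   # browser's original request reaches the server, then is stopped
    status, body = site.get(url)    # extension's own request to the same URL
    if status != 200:
        return ERROR
    return "allowed" if inspect(body) else "blocked"

def download_excluded(site, url):
    """Excluded site: no interception, so the browser's single request succeeds uninspected."""
    status, _ = site.get(url)
    return "downloaded uninspected" if status == 200 else "failed"

def demo():
    site = DownloadSite()
    verdict = lambda body: True     # hypothetical inspection that finds the file benign
    return {
        "static": download_via_extension(site, "/files/report.pdf", verdict),
        "one_time": download_via_extension(site, site.issue_one_time_link(b"x"), verdict),
        "one_time_excluded": download_excluded(site, site.issue_one_time_link(b"x")),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The third case is the trade-off of the exclusion: the download works again, but only because the file is no longer inspected.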