Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
BB-MDK
Participant

Thread Emulation - get prevented file from Threat Cloud?

Hey guys,

is it possible to get a file from Check Point Threat Cloud which has been prevented by TE?

Maybe something similar to the CLI command "scrub send_orig_file"?

Or is it only possible to create an exception and let the file be sent again?

 

Thanks and Kind Regards

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

I believe scrub send_orig_file will still work even when emulation is done in the cloud as the file should be stored on the gateway that preventing it.

0 Kudos
BB-MDK
Participant

Hi PhoneBoy,

thanks for your comment. I only have one log entry about the block event and it's the thread emulation blade. In the log I don't have a field with file-id...

0 Kudos
PhoneBoy
Admin
Admin

Can you provide a log card?
Redact any sensitive details of course.

0 Kudos
BB-MDK
Participant

Sure - there you go

te.jpg

 

0 Kudos
PhoneBoy
Admin
Admin

I wonder if you can see the fileid in /var/log/maillog 

0 Kudos