Threat Prevention - Threat Emulation Settings

What can I do here?

Use this window to configure Threat Emulation settings such as File Type support and Emulation Limits.

Getting Here - Manage & Settings > Blades > Threat Prevention > Advanced Settings > Threat Emulation

Emulation Limits

To prevent too many files that are waiting for emulation, configure these emulation limits settings:

Maximum file size
Maximum time that the Software Blade does emulation
Maximum time that a file waits for emulation in the queue (for Emulation appliance only)

If emulation is not done on a file for one of these reasons, the Fail Mode settings for Threat Prevention define if a file is allowed or blocked.

You can configure the maximum amount of time that a file waits for the Threat Emulation Software Blade to do emulation of a file. There is a different setting that configures the maximum amount of time that emails are held in the MTA.

If the file is waiting for emulation more than the maximum time:

Threat Emulation Software Blade - The Threat Prevention profile settings define if a file is allowed or blocked
MTA - The MTA settings define if a file is allowed or blocked

Configuring Emulation Limits

In SmartConsole, select Manage & Settings > Blades > Threat Prevention > Advanced Settings.
The Threat Emulation Engine Settings window opens.
Click Configure settings.
The Threat Emulation Settings window opens.
Configure the settings for the emulation limits.
- From When limit is exceeded traffic is accepted with track, select the action if a file is not sent for emulation:
- None - No action is done
- Log - The action is logged
- Alert - An alert is sent to SmartView Monitor
Click OK and then install the policy.

Changing the Local Cache

When a Threat Emulation analysis finds that a file is clean, the file hash is saved in a cache. Before Threat Emulation sends a new file to emulation, it compares the new file to the cache. If there is a match, it is not necessary to send it for additional emulation. Threat Emulation uses the cache to help optimize network performance.

Best Practice - Do not change this setting.

Changing the Size of the Local Cache

In SmartConsole, select Manage & Settings > Blades > Threat Prevention > Advanced Settings.
The Threat Prevention Engine Settings window opens.
Click Configure Settings.
The Threat Emulation Settings window opens.
From Number of file hashes to save in local cache, configure the number of file hashes that are stored in the cache.
Click OK and then install the policy.