In This Section: |
Threat Emulation connects to the ThreatCloud to update the engine and the operating system images. The default setting for the Threat Emulation appliance is to automatically update the engine and images.
The default setting is to download the package once a day.
Best Practice - Configure Threat Emulation to download the package when there is low network activity.
Update packages for the Threat Emulation operating system images are usually more than 2GB. The actual size of the update package is related to your configuration.
To enable or disable Automatic Updates for Threat Emulation:
The Updates page opens.
Update packages for the Threat Emulation operating system images are usually more than several Gigabytes. The actual size of the update package is related to your configuration.
The default setting is to download the package once a week on Sunday. If Sunday is a work day, we recommend that you change the update setting to a non-work day.
To update the operating system image for Threat Emulation on a gateway:
The Updates page opens.
You can change these advanced settings on the Emulation appliance to fine-tune Threat Emulation for your deployment.
To prevent too many files that are waiting for emulation, configure these emulation limits settings:
If emulation is not done on a file for one of these reasons, the Fail Mode settings for Threat Prevention define if a file is allowed or blocked.
You can configure the maximum amount of time that a file waits for the Threat Emulation Software Blade to do emulation of a file. There is a different setting that configures the maximum amount of time that emails are held in the MTA.
If the file is waiting for emulation more than the maximum time:
The Threat Emulation Engine Settings window opens.
The Threat Emulation Settings window opens.
When a Threat Emulation analysis finds that a file is clean, the file hash is saved in a cache. Before Threat Emulation sends a new file to emulation, it compares the new file to the cache. If there is a match, it is not necessary to send it for additional emulation. Threat Emulation uses the cache to help optimize network performance.
Best Practice - Do not change this setting.
The Threat Prevention Engine Settings window opens.
The Threat Emulation Settings window opens.
The Emulation appliance must have a virtual IP address and netmask to do file emulation. This setting is not used for emulation in the ThreatCloud.
Important - Only change this virtual IP address if it is already used in your network. |
To change the IP address of the virtual interface:
The Threat Emulation Settings window opens.