Capture ATP being really slow lately?

2 days in a row I've had users call asking why e-mails they're expecting haven't come through yet. Each time, they have attachments sitting in the Capture Box. I have one with a "scan pending" status that was received nearly 30 minutes ago. I've just been explaining that it's a cloud service, and I have no control over it, but I'm wondering what's going on? Are there more attachments coming through lately, and SonicWall needs to be scaling up more with the cloud service? Anybody else seeing this?

Category: Email Security Appliances

Answers

  • David W SonicWall Employee

    @Trevor Thanks for your questions.

    We are making changes to HES starting with North America soon.

    And it is for exactly that scalability, which is why we needed to make IP changes.

    However that is not the reason for Capture being slow.

    Just like HES, Capture is also a cloud service and is managed by a different group.

    There is a setting of 30 minutes for a timeout so that if we have no response by that time they are released.

    I will inquire with the Capture team and see if they can investigate the issues with slow response times.

    One thing you can do right now is add trusted senders to the exception list which should help some.

    David Wilbur

    Technical Support Senior Advisor, Premier Services, SME Email Security

  • Trevor Newbie ✭

    Thanks, I appreciate the reply. I am reluctant to add any trusted senders right now, because recently we've had several senders that we've had correspondence with in the past that have had their e-mail accounts hijacked, and I'd hate to lose the protection against that. I'll wait to hear further from you about the response time. Thanks again.

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @David W

    one statement of yours got me thinking and a bit concerned.

    "There is a setting of 30 minutes for a timeout so that if we have no response by that time they are released."

    Does this really mean if HES is not able to get its job done in 30 minutes, potentially dangerous files are getting through without a Capture verdict? So customers have to hope your systems have enough resources for doing exactly what they paid for? Is this documented somewhere so customers are aware of something like that?

    --Michael@BWC

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @David W

    could you please give a short statement to my question above, I would highly appreciate this.

    And one follow-up, would it make sense in on-premise scenarios to raise the CRA Timeout (or any other Value) or are we screwed no matter what when the job is not done in 30 Minutes?

    Thanks in advance, Answers getting more and more rare which renders the Community not efficient. Just my € .02.

    --Michael@BWC

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @David W

    because a HES customer complained today that mails got stuck in the Capture Box for a long time. Therefore I would like to raise my questions from above again, maybe you might chime in or anyone who has some knowledge about it.

    --Michael@BWC

  • David W SonicWall Employee

    @BWC the Capture side is their own servers. It's not about the HES servers' resources at all here.

    There are settings you can change for on prem appliances however in most cases those settings are optimal.

    The Backend Capture team has made some optimizations last week which should help.

    Sorry for the late response I was out most of last week and getting caught up on things this week.

    David Wilbur

    Technical Support Senior Advisor, Premier Services, SME Email Security

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @David W

    I got you, most of us are busy, for a good part because of some unnamed solutions not doing what they are supposed to do.

    Could you please take the time to answer this open question? It seems important, at least to me.

    Does this really mean if HES is not able to get its job done in 30 minutes, potentially dangerous files are getting through without a Capture verdict? So customers have to hope your systems have enough resources for doing exactly what they paid for? Is this documented somewhere so customers are aware of something like that?

    --Michael@BWC

  • Ankur Moderator
    edited March 31

    Hi @BWC: More than 99% of files get processed within 5 mins. The 30 mins timeout is a very long timeout. There were some recent issues with a third party engine of Capture ATP that led to longer processing time. It was a temporary issue and was resolved. Before moving to Capture ATP sandbox filtering, the files get scanned against 4 other leading anti-virus engines and existing Capture ATP signatures. The real solution for the problem you have pointed out is to get the file judgement quickly. We can improve on that if there are any issues reported regarding delay.

    Since this feature is a block until verdict, we cannot infinitely hold the file. Based on our data, 30 mins is optimum balance between security and email deliverability.

    We provide higher flexibility on our On-Prem ES solution where customers can configure their timeout.

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @Ankur

    thanks again for making a short story long. It's a simple Question I need to answer to my Customer, so do SNWL.

    In the rare condition that an Attachment is stuck for 30+ Minutes, does the File leave the Capture Box without a verdict, yes or no?

    ---Michael@BWC
