When a PDF file is opened and the content is missing components such as graphs and tables, which component of SandBlast protection is likely being used?

In the scenario where a PDF file is opened and certain elements like graphs and tables are missing, it is likely a result of SandBlast Threat Extraction being utilized. This component is designed to enhance email security and file sharing by removing potentially harmful content while allowing users to access the benign parts of a document.

Threat Extraction works by removing and replacing risky or untrusted content within files with a sanitized version, which is safe for the user to interact with. This often leads to scenarios where certain elements—such as embedded graphs or complex tables that may pose a risk—are removed to ensure that the file is safe from threats. The remaining content is then delivered to the end user, which may explain why the graphs and tables are absent upon opening the document.

In contrast, Threat Emulation focuses on detecting malware by executing files in a secure environment to analyze their behavior before delivering them to the user, but it does not alter the content of the files themselves. SandBlast Agent is primarily focused on endpoint protection and monitoring, and Check Point Protect is more about securing the data rather than specifically manipulating file contents. Therefore, in this situation, Threat Extraction is the component that aligns most closely with the described behavior of missing components in the opened PDF.