cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor SWISS
Reliable Contributor
Report Inappropriate Content
Message 1 of 4

ATD 4.8 still reporting Analysed FILES (LOW RISK) als Unknown to TIE/EPO

Jump to solution

2019-11-21 14_50_12-Window.png

 

ATD 4.8 still reporting Analysed FILES (LOW RISK) als Unknown to TIE/EPO

The screenshots says it all. Why in the world does this not work in ATD 4.8 finally?

We should i see UNKNOWN (ATD) when the rating resulted in "LOW RISK"

Did we do something wrong or is like it should be? Which is from our view strange...

 

 

 

 

 

1 Solution

Accepted Solutions
McAfee Employee rbrady
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: ATD 4.8 still reporting Analysed FILES (LOW RISK) als Unknown to TIE/EPO

Jump to solution

This isn't a problem in ATD.  It is a choice in mapping that the TIE team made.  You can see the table of scores and what they map to in TIE in https://kb.mcafee.com/agent/index?page=content&id=KB84600.

TIE 2.1.1 (and later):
ATD Reputation TIE Reputation Description
-2              0 Not set
-1              99 Known Trusted
0             50 Unknown
1             50 Unknown
2              50 Unknown
3              30 Might be Malicious
4              15 Most Likely Malicious
5              1 Known Malicious


TIE 2.1.0:

ATD Reputation TIE Reputation Description
-2              0 Not set
-1              99 Known Trusted
0             85 Most Likely Trusted
1             70 Might be Trusted
2              50 Unknown
3              30 Might be Malicious
4              15 Most Likely Malicious
5              1 Known Malicious

The mapping changed in TIE 2.1.1 and later.  If you would like to see it changed, submit a PER to the TIE team for consideration.

Was my reply helpful?

If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

3 Replies
McAfee Employee rbrady
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: ATD 4.8 still reporting Analysed FILES (LOW RISK) als Unknown to TIE/EPO

Jump to solution

This isn't a problem in ATD.  It is a choice in mapping that the TIE team made.  You can see the table of scores and what they map to in TIE in https://kb.mcafee.com/agent/index?page=content&id=KB84600.

TIE 2.1.1 (and later):
ATD Reputation TIE Reputation Description
-2              0 Not set
-1              99 Known Trusted
0             50 Unknown
1             50 Unknown
2              50 Unknown
3              30 Might be Malicious
4              15 Most Likely Malicious
5              1 Known Malicious


TIE 2.1.0:

ATD Reputation TIE Reputation Description
-2              0 Not set
-1              99 Known Trusted
0             85 Most Likely Trusted
1             70 Might be Trusted
2              50 Unknown
3              30 Might be Malicious
4              15 Most Likely Malicious
5              1 Known Malicious

The mapping changed in TIE 2.1.1 and later.  If you would like to see it changed, submit a PER to the TIE team for consideration.

Was my reply helpful?

If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

Reliable Contributor SWISS
Reliable Contributor
Report Inappropriate Content
Message 3 of 4

Re: ATD 4.8 still reporting Analysed FILES (LOW RISK) als Unknown to TIE/EPO

Jump to solution

Why should it SAY UNKNOWN when the ATD has rated the file "LOW RISK". Where is the LOGIC. Only a developer can generate such strange things. Show that to a customer managment guy who spent USD 250'000 on Sandbox and TIE and he will think we (IT) are nuts?

If IT could not rate the FILE (For whatever reason) it should say something like that.

That's complete unlogic. Mcafee integrated our feature request for the GREEN / RED colors we brought up but the ATD Reports for PDF are unclear.

Why should it look in another way than on the ATD GUI itself?

 

2019-11-21 16_19_12-Window.png 

McAfee Employee rbrady
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: ATD 4.8 still reporting Analysed FILES (LOW RISK) als Unknown to TIE/EPO

Jump to solution

@SWISS 

 

As to why this choice was made, that is a question for the TIE product management team.  They made the choice to map the severity ratings this way.  ATD hasn't changed how it scores or how it reports those scores when queried by TIE.

As for the question about reports for PDF files being unclear, I'm not sure what the ask is.  What part of the report isn't clear when a PDF file is scanned?

 

Was my reply helpful?

If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community