We have large problems with the Deep Neural Network Prediction module in Firmware 4.X. This info goes back into TIE.
a) Some Microsoft Framework Assemblies are falsely rated MEDIUM. We have the same problem with the ENS 10.5 ATP/TIE Module, which was solved one time by a DEF Update on the TIE. But now also on the ATD.
b) Most of the DEL-PHI Executables (even small tools, for example) are rated as MEDIUM and thus would be blocked by TIE/ATP.
c) H-P Drivers for STORAGE are rated at MEDIUM.
Now for the H-P Workstation Storage driver I don't have to explain if ANYTHING blocks that file at any point.
We turned the Deep Neural Network Prediction module off after this.
Yes, version 18.104.22.168 has some really bad bugs...
Our appliance detected clean PDF Files as malware...also the GRANT Letter from McAfee *g*
Can you send me one of the samples? It would be interesting to see if my appliance has the same problem. If yes, we have a much bigger problem, because the behavior changes based on the Analyzer VMs used.... 😕
Just opened a case:
There seems to be a difference under ATD 4.0 if the PDF is scanned on a 32 or 64BIT VM machine!
For the PDF I have discovered that there is a DIFFERENCE if we scan on a W7 (32BIT or 64BIT VM). Both should have the Adobe Reader installed with the same patches.
Both with the same profile. But I also have one PDF, the dxl_201_rn_0-00_en-us.pdf (Release Notes SXL 201 from the McAfee site), as an example, which gets CLEAN on both 32/64BIT VMs.
1/3 ATD 4.0 problems > Solved: The PDF False/Positive has been solved for the ATD 4.0 with a new DETECTION package on 18.07.2017 for us. However, the E-Mail Connector SCAN of PDF failure is still there.
A new RPM package has been released.
Please check the new RPM package; you should observe a pop-up notification in the UI for new detection pkg availability.
If it's not there, please check whether the ATD DNS is configured properly. After setting proper DNS, the notification should come within 1 hour.
If this fails to appear, then you can install the pkg from the CLI. The steps are below:
Go to McAfee downloads and download the atd-detection package as shown below
Using ftp account atdadmin/atdadmin on port 22, transfer the file to ATD
Once transferred, log in to the ATD CLI and connect with the cliadmin account
Then run the following command:
# install package <nameOfThePackage.rpm>