Reliable Contributor bretzeli
Message 1 of 6

Deep Neural Network Prediction V4.0 problems with different files

Hello,

We have large problems with the Deep Neural Network Prediction module in Firmware 4.X. This info goes back into TIE.

a) Some Microsoft Framework Assemblies are falsely rated MEDIUM. We have the same problem with ENS 10.5 ATP/TIE Module which was solved one time by a DEF Update on the TIE. But now also on the ATD.

b) Most of the DEL-PHI Executables (Even small tools as example) are rated as MEDIUM and thus would be blocked from TIE/ATP.

c) H-P Drivers for STORAGE are rated at MEDIUM

Now for the H-P Workstation Storage driver I don't have to explain if ANYTHING blocks that file at any point.

We turned the Deep Neural Network Prediction module off after this.

5 Replies
Reliable Contributor bretzeli
Message 2 of 6

Re: Deep Neural Network Prediction V4.0 problems with different files

Seems to reach Development...

Reliable Contributor Troja
Message 3 of 6

Re: Deep Neural Network Prediction V4.0 problems with different files

Hello,

yes, version 4.0.2.42 has some really bad bugs...

Our appliance detected clean PDF Files as malware...also the GRANT Letter from McAfee *g*

Can you send me one of the samples? It would be interesting if my appliance has the same problem. If yes, we have a much bigger problem, because the behavior changes based on the used Analyzer VMs.... 😕

cheers

Reliable Contributor bretzeli
Message 4 of 6

Re: Deep Neural Network Prediction V4.0 problems with different files

@Thorsten,

They have to FIX this NOW asap, since everybody HAS to upgrade to 4.0 because of the Exploit on the ATD.

Other Delphi files

Sample: http://www.lansa.com/support/tips/t0064.htm (These were OK)

Samples: https://sites.google.com/site/pewtas/delphitable2 (These were all Malicious)

Reliable Contributor bretzeli
Message 5 of 6

Re: Deep Neural Network Prediction V4.0 problems with different files

@Thorsten,

Just opened a case:

4-1765247733

There seems to be a difference under ATD 4.0 if the PDF is scanned on a 32 or 64BIT VM machine!

For the PDF I have discovered that there is a DIFFERENCE if we scan on a W7 (32BIT or 64BIT VM). Both should have the Adobe Reader installed with same patches.

Both with same profile. But I also have one PDF, the dxl_201_rn_0-00_en-us.pdf (Release Notes SXL 201 from McAfee site), as an example which gets CLEAN on both 32/64BIT VMs.

Reliable Contributor bretzeli
Message 6 of 6

Re: Deep Neural Network Prediction V4.0 problems with different files

1/3 ATD 4.0 problems > Solved. The PDF False/Positive has been solved for the ATD 4.0 with a new DETECTION package on 18.07.2017 for us. However the E-Mail Connector SCAN of PDF failure is still there.

A new RPM package has been released.

Please check the new RPM package, you should observe POP UP notification in UI for new detection pkg availability.

If it’s not there, please check whether ATD DNS is configured properly. After setting proper DNS, the notification should come within 1 hour.

If this fails to appear, then you can install the pkg from the CLI. The steps are below:

Go to McAfee downloads and download atd-detection package as shown below


Using ftp account atdadmin/atdadmin on port 22, transfer the file to ATD

Once transferred, log in to ATD CLI and connect with cliadmin account

Then run the following command:

# install package <nameOfThePackage.rpm>
