The objective of this use case is to demonstrate the ability to immunize your environment before a threat ever occurs. Successful completion of this use case will demonstrate the ability to import threat intelligence.
You have the ability to immunize your environment before a threat occurs. You can get this intelligence from third-party threat feeds, the media, or other security products.
In ePO, click on Menu | Systems Section | TIE Reputations | File Overrides.
Reputations can also be imported via XML or the ePO API.
Note: There is no specified limit on the size of the file that can be imported, but be aware that every definition will trigger a reputation change event.
Hash tool: Determining the hash of a file allows the administrator to import a reputation before the file ever enters the environment. As referenced in the Content section, a free hash tool can be found at http://www.keir.net/hash.html
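Because every imported definition triggers a reputation change event, it pays to validate and de-duplicate hashes collected from feeds before importing them. The sketch below is an added example, not part of the original guide or of any McAfee tooling; the function names, the accepted hash types and the sample feed lines are assumptions made for illustration, and it stops before building the import file, whose format this page does not show.

```python
import hashlib
import re

# Assumed hash types, keyed by hex digest length (check what your TIE version accepts).
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-f]+")


def file_hashes(path, chunk_size=1 << 20):
    """Hash a local file in chunks so large samples are never fully loaded."""
    digests = {name: hashlib.new(name) for name in HASH_TYPES.values()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def prepare_feed(lines):
    """Validate, normalise and de-duplicate hash indicators from a feed.

    Returns (accepted, rejected): accepted holds (type, hash) pairs in
    first-seen order, rejected holds (line_number, raw_text) pairs.
    """
    accepted, rejected, seen = [], [], set()
    for lineno, raw in enumerate(lines, 1):
        text = raw.split("#", 1)[0].strip().lower()  # drop comments, fold case
        if not text:
            continue
        kind = HASH_TYPES.get(len(text))
        if kind is None or not HEX_RE.fullmatch(text):
            rejected.append((lineno, raw.strip()))  # wrong length or non-hex
        elif text not in seen:
            seen.add(text)  # a repeated hash would be a redundant definition
            accepted.append((kind, text))
    return accepted, rejected


# Constructed sample feed: the two valid values are the digests of empty input.
SAMPLE_FEED = [
    "# constructed sample feed",
    "D41D8CD98F00B204E9800998ECF8427E",
    "d41d8cd98f00b204e9800998ecf8427e  # same hash, different case",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "not-a-hash",
    "d41d8cd98f00b204e9800998ecf8427",
]

if __name__ == "__main__":
    ok, bad = prepare_feed(SAMPLE_FEED)
    print(f"{len(ok)} definitions to import, {len(bad)} lines rejected")
    for lineno, raw in bad:
        print(f"  line {lineno}: {raw!r}")
```

Rejected lines are reported with their line numbers so the feed can be corrected at the source rather than silently trimmed.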
Log in to the Client system and attempt to run Morph.exe.
The file is blocked immediately because we set its reputation to Most Likely Malicious in the previous step. This reputation was immediately known by the endpoint because TIE and the DXL operate in real time.
The TIE solution gives the administrator the ability to immunize the enterprise with imported threat intelligence.