Zebu
Level 9
Message 1 of 5

ATP McAfee GTI connection

Hello,

Currently we are using ATP without TIE Server infrastructure. We would like to know how much network load is generated on the client when using "McAfee GTI Connectivity Only".

Thank you in advance!

Zebu

1 Solution

Accepted Solutions
AdithyanT
McAfee Employee
Message 2 of 5

Re: ATP McAfee GTI connection

Hi @Zebu 

Thank you for your post. GTI queries from any component will essentially be a DNS query with obfuscated content being sent to our GTI Servers and hence should not weigh much (less than a KB).

Based on the frequency with which the query happens (depending on the number of unknown files we see each day on your machine), this should be manageable even for thousands of nodes in your network.

Although we do not have a specific number, here is an explanation from KB53735:

GTI File Reputation takes up minimal bandwidth because it triggers only if the existing DAT files do not detect a threat in the program, PDF, or .APK being scanned. Determination of suspicious files is carefully tuned so that only truly suspicious files generate network traffic. If the sensitivity setting is set to Very Low or Low, you can expect an average of 10–15 queries per day, per computer. If the setting is set to Medium, High, or Very High, you can expect an average of 20–25 queries per day, per computer. The number of queries depends on the scan type (On-Access Scan or On-Demand Scan) and how many files are being scanned.

In the ATP component as well, GTI queries use a similar concept, and endpoints do not upload a complete file as such.

I sincerely hope this helps in answering your query.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
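
An added example, not part of the original thread or of any McAfee tooling: it counts per-client reputation lookups in a DNS query log and compares them with the KB53735 averages quoted above, taking 1 KB per query as the worst case. The log layout, the zone name `reputation.example.invalid` (a placeholder, not the real GTI zone) and the 2x tolerance are assumptions.

```python
import re
from collections import Counter

# Upper end of the per-computer daily averages quoted from KB53735 above.
EXPECTED_MAX_PER_DAY = {"very low": 15, "low": 15,
                        "medium": 25, "high": 25, "very high": 25}
BYTES_PER_QUERY = 1024  # assumption: worst case for "less than a KB"
REPUTATION_ZONE = "reputation.example.invalid"  # placeholder zone name

# Assumed log layout: "<date> <time> <client-ip> query: <qname> IN <type>"
LINE_RE = re.compile(r"^(\S+) \S+ (\S+) query: (\S+) IN \S+$")

def count_lookups(lines, zone=REPUTATION_ZONE):
    """Return Counter {(date, client): n} for queries under the zone."""
    counts = Counter()
    suffix = "." + zone.lower().rstrip(".")
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore malformed or unrelated log lines
        date, client, qname = m.groups()
        if qname.lower().rstrip(".").endswith(suffix):
            counts[(date, client)] += 1
    return counts

def report(counts, sensitivity="medium", tolerance=2.0):
    """Flag clients whose daily count exceeds tolerance x the KB average."""
    limit = EXPECTED_MAX_PER_DAY[sensitivity] * tolerance
    return {key: {"queries": n,
                  "max_bytes": n * BYTES_PER_QUERY,
                  "above_baseline": n > limit}
            for key, n in counts.items()}

def fleet_daily_bytes(nodes, sensitivity="medium"):
    """Worst-case daily lookup traffic for a fleet at the KB average."""
    return nodes * EXPECTED_MAX_PER_DAY[sensitivity] * BYTES_PER_QUERY

# Constructed sample log: one quiet client, one unusually chatty client.
SAMPLE = (
    [f"2024-01-10 09:00:{i:02d} 10.0.0.5 query: h{i}.{REPUTATION_ZONE} IN A"
     for i in range(12)]
    + [f"2024-01-10 10:{i:02d}:00 10.0.0.9 query: h{i}.{REPUTATION_ZONE} IN A"
       for i in range(60)]
    + ["2024-01-10 11:00:00 10.0.0.5 query: www.example.org IN A",
       "garbage line"]
)

if __name__ == "__main__":
    for key, row in sorted(report(count_lookups(SAMPLE)).items()):
        print(key, row)
    print("1000 nodes, medium:", fleet_daily_bytes(1000), "bytes/day")
```

A client flagged as above baseline is a prompt to look at what it is scanning (for example a large on-demand scan), not evidence of a problem by itself.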


4 Replies
wouterr
Reliable Contributor
Message 3 of 5

Re: ATP McAfee GTI connection

@AdithyanT are you sure about this? GTI over DNS is only used by Threat Protection, not ATP. ATP is using GTI over HTTPS.

AdithyanT
McAfee Employee
Message 4 of 5

Re: ATP McAfee GTI connection

Hi @wouterr,

Excellent observation, and thank you for your response. Yes, port 443 is involved; however, the reason behind the same is explained below:

Access to Global Threat Intelligence (GTI) is configured on port 443 using an FQDN so that a DNS lookup can return the nearest and most accurate IP address records at any given time. This returned result can be any of several IP addresses across the globe. Because the exact IP address is not known in advance, firewall administrators must open port 443 outbound globally. If the firewall does not support configuring an open port against a host name, or if organizational security policies do not allow it, a specific GTI IP address must be used.

Source: https://kc.mcafee.com/corporate/index?page=content&id=KB79640

However, I can re-verify this just to be sure. Do not want to take any chance of being wrong here 🙂

Thank you for your time!

Thanks and regards,
Adithyan T
AdithyanT
McAfee Employee
Message 5 of 5

Re: ATP McAfee GTI connection

Hi @Zebu 

Thank you for marking the solution! Kudos to you for letting others know what solved your query!

Have a nice day!

Thanks and regards,
Adithyan T