Adavptive threat Protection Options and GTI review of PDFs
I have been researching this for a little while now and I unfortunately do not have full access to review all the settings for this. From the ENS Help site
https://kc.mcafee.com/corporate/index?page=content&id=KB53735, It reads the following: GTI File Reputation looks for suspicious programs, Portable Document Format (PDF) files, and Android Application Package (.APK) files that are active on endpoints running McAfee products, including Endpoint Security (ENS). In the options section there is a way to disable or enable Cloud Based scanning.
The GTI normally uses a Hash based means of scanning and returning whether or not the file is good, unknown or bad. (Laymens terms here) But in the above snippet it reads as if it sends the .pdf document to the GTI for scanning. Is this true, or is it still just the hash value. I have not been able to find this information anywhere. If it does send the .pdf, is there a way to disable this so that it doesn't send the .pdf and we assume the security risk of not scanning it?
Re: Adavptive threat Protection Options and GTI review of PDFs
Contiued reading, I read through the GetClean Tool product guide and this tool collects and sends only unknown or False positives. The GetClean tool does not send any PDF documents but does help with any other product that uses McAfee whitelising. it also mentions that it will only dubmitt exes, dlls, plfs scrs and sys files.
Do I need to worry about my pdf files? I would like to know this as it can be a show stopper for us if it does send .pdf documents to McAfee Labs?