
How to test GTI connectivity?

Hi Heroes,

We have some viruses that can't be detected by ENS 10.7 with the latest Engine and AMCore.

In my lab, using the same ENS version and the same virus sample, it was detected perfectly, but I saw it was detected by Artemis... I want to know how to verify that the clients' connection to GTI is OK. I want to make sure there are no connection issues between the clients and the McAfee GTI server.

From KB79640, it seems ENS is using artemislist.gti.mcafee.com as the GTI server (Artemis server), but this FQDN is not pingable...

3 Replies
sbluemel
McAfee Employee
Message 2 of 4

Re: How to test GTI connectivity?

Hello,

ENS will use GTI depending on the policy and ATP settings:

ENS: cloud.gti.mcafee.com
ENS ATP: ens.rest.gti.mcafee.com, compute.amazonaws.com, ens.ria.mcafee-cloud.com
ENS ATP (Real Protect): realprotect1.mcafee.com

 

If your policy is set to TIE only - the TIE server will do the GTI lookup and not the clients. 

The lookup itself, if needed due to no local reputation, is part of the debug logging for ATP:

Please enable the debug logging:

https://kc.mcafee.com/corporate/index?page=content&id=KB91797

and check the log file. If you need help please open a Service Request - do not share the logs here.

The main problem with GTI connections is missing or wrong proxy settings - please check them in the common module: https://docs.mcafee.com/bundle/endpoint-security-10.6.0-common-product-guide-windows/page/GUID-AC76C...

 

Regards,

Stefan

Re: How to test GTI connectivity?

Sorry, I forgot to mention that we don't have the TIE and ATP modules. We only use ENSTP.

Can you share more details on how to test GTI connectivity under this scenario? Thanks.

sbluemel
McAfee Employee
Message 4 of 4

Re: How to test GTI connectivity?

The scanner submits fingerprints of samples, or hashes, to a central database server hosted by McAfee Labs to determine if they are malware. By submitting hashes, detection might be made available sooner than when McAfee Labs publishes the next content file update.

You can configure the sensitivity level that McAfee GTI uses when it determines if a detected sample is malware. The higher the sensitivity level, the higher the number of malware detections. But, allowing more detections can result in more false positives. The McAfee GTI sensitivity level is set to Medium by default. Configure the sensitivity level for each scanner in the On-Access Scan and On-Demand Scan settings.

For frequently asked questions about McAfee GTI, see KB53735.

The main domains for ENS TP are:

DAT based GTI Queries: avqs.mcafee.com
ENS: cloud.gti.mcafee.com

 

Please verify that your client can resolve these host names with your current DNS server and is also able to reach them. For such tests, please use this KB for reference: KB53733.

This article also contains sample test files.

 

Regards,

Stefan
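
The resolve-and-reach check described in the reply above, as an added example that is not part of the original thread and is not McAfee tooling. The function name Test-GtiHost is hypothetical and TCP port 443 is an assumption; KB53733 remains the reference for which answer each host name should give.

```powershell
# Added example (not from the thread or from McAfee): DNS and TCP check for the
# GTI host names listed in the reply above. Port 443 is an assumption.
$GtiHosts = @('avqs.mcafee.com', 'cloud.gti.mcafee.com')
$Port     = 443

function Test-GtiHost {
    param([string]$HostName, [int]$Port)

    $result = [ordered]@{
        Host = $HostName; Resolved = $false; Addresses = ''
        TcpReachable = $false; SystemProxy = 'none'
    }

    # Step 1: resolve the name with the DNS server the client is configured to use.
    try {
        $records = Resolve-DnsName -Name $HostName -Type A -ErrorAction Stop |
            Where-Object { $_.IPAddress }
        $result.Resolved  = [bool]$records
        $result.Addresses = ($records.IPAddress -join ', ')
    } catch {
        $result.Addresses = "DNS error: $($_.Exception.Message)"
    }

    # Step 2: direct TCP connect. A host that does not answer ping can still be
    # reachable, so the result is taken from the TCP handshake, not from ICMP.
    if ($result.Resolved) {
        $tcp = Test-NetConnection -ComputerName $HostName -Port $Port -WarningAction SilentlyContinue
        $result.TcpReachable = $tcp.TcpTestSucceeded
    }

    # Step 3: show the system proxy of the account running this script for the URL.
    # The proxy ENS itself uses is set in the Common module policy, so compare both.
    $uri   = [uri]"https://${HostName}:$Port/"
    $proxy = [System.Net.WebRequest]::GetSystemWebProxy()
    if (-not $proxy.IsBypassed($uri)) {
        $result.SystemProxy = $proxy.GetProxy($uri).AbsoluteUri
    }

    [pscustomobject]$result
}

$GtiHosts | ForEach-Object { Test-GtiHost -HostName $_ -Port $Port } |
    Format-Table -AutoSize
```

Run it on an affected client and on the lab machine where detection works, then compare the rows: a difference in Resolved, TcpReachable or SystemProxy points at DNS, firewall or proxy respectively.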
