cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to whitelist an ATP suspect as it is a known process?

Jump to solution
I am receiving many threat events for a particular process which is a known file. Below are details - Threat Name: ATP/Suspect!d76da4b38d4c Threat Type: Trojan Action Taken: Adaptive Threat Protection Would Clean Threat Handled: True Analyzer Detection Method: On-Execute Scan we have enabled observe mode. Since it is a known process , i want to whitelist the entire process so that i dont receive ATP suspect events like above ???? ( There are lot of DLL's and exe's associated with the process , all of which need to be whitelisted , and some of them are not in TIE for me to mark each one known trusted )
1 Solution

Accepted Solutions
Pravas
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: How to whitelist an ATP suspect as it is a known process?

Jump to solution

Hi @User77485289 ,

The file is incorrectly detected by ATP. Please open a ticket with McAfee Support with the following details.

(i) Submit sample by referring to the options mentioned in URL below.

https://kc.mcafee.com/corporate/index?page=content&id=KB68030
 

(ii) Please attach a copy of the following logs. Should be from a system where the sample was detected. If the system is not available, please copy the entire threat event from ePO.
 

%deflogdir%\AdaptiveThreatProtection_Activity.log
 

(iii) Specify the use of the Application

(iv) Is it developed in-house or 3rd Party? Name vendor if 3rd Party

 

Note - We Only accept samples from channels mentioned in Step (i). Do Not attach to the ticket or Email.

 

If you trust the file,  On-Access exclusion can be added.

https://docs.mcafee.com/bundle/endpoint-security-10.7.x-common-product-guide-windows/page/GUID-DA77A...

Thanks

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

2 Replies
Pravas
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: How to whitelist an ATP suspect as it is a known process?

Jump to solution

Hi @User77485289 ,

The file is incorrectly detected by ATP. Please open a ticket with McAfee Support with the following details.

(i) Submit sample by referring to the options mentioned in URL below.

https://kc.mcafee.com/corporate/index?page=content&id=KB68030
 

(ii) Please attach a copy of the following logs. Should be from a system where the sample was detected. If the system is not available, please copy the entire threat event from ePO.
 

%deflogdir%\AdaptiveThreatProtection_Activity.log
 

(iii) Specify the use of the Application

(iv) Is it developed in-house or 3rd Party? Name vendor if 3rd Party

 

Note - We Only accept samples from channels mentioned in Step (i). Do Not attach to the ticket or Email.

 

If you trust the file,  On-Access exclusion can be added.

https://docs.mcafee.com/bundle/endpoint-security-10.7.x-common-product-guide-windows/page/GUID-DA77A...

Thanks

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

Re: How to whitelist an ATP suspect as it is a known process?

Jump to solution
Hi Pravas, Thanks for the reply

Just a quick question - Will making the file known trusted on TIE , cause the ATP alerts to not trigger as well??
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community