Product: Endpoint Security 10.5 + McAfee TIE + DXL + ATP
I don't understand this event:
What does this event mean? I cannot understand it.
I believe that:
ENS automatically does false-positive mitigations (bad behaviour, but good reputation, for example).
It is a new feature of ENS 10.5 ATP to show what events McAfee categorised as "false positive", so you can screen for "false false positives".
The event can be triggered when DATs convict a file, but the reputation of the file is not-malicious. It requires that ATP is enabled, and that GTI connectivity is online, so that Real-Protect's (part of ATP) behavioral/dynamic scanner can mitigate the false. It is much like producing a false detection with DAT content, but then changing the reputation of the hash using the TIE server, to prevent the detection from occurring. ATP false-positive mitigation essentially provides an automated method of recovering from a DAT false.