
Threat Prevention False Positive Mitigation


Hi,

Product: Endpoint Security 10.5 + McAfee TIE + DXL + ATP

I don't understand this event:

  • event ID 34928
  • Detecting Product Name: McAfee Endpoint Security
  • Event Description: Threat Prevention False Positive Mitigation
  • Description: Riduzione dei falsi positivi (Italian for "False positive mitigation")

What does this event mean? I cannot understand it.


Accepted Solutions
akatt (McAfee Employee), Message 4 of 5

Re: Threat Prevention False Positive Mitigation


The event can be triggered when DATs convict a file, but the reputation of the file is not-malicious. It requires that ATP is enabled, and that GTI connectivity is online, so that Real-Protect's (part of ATP) behavioral/dynamic scanner can mitigate the false. It is much like producing a false detection with DAT content, but then changing the reputation of the hash using the TIE server, to prevent the detection from occurring. ATP false-positive mitigation essentially provides an automated method of recovering from a DAT false.


Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

4 Replies

Re: Threat Prevention False Positive Mitigation


Hi,

I believe that:
ENS automatically does false positive mitigation (bad behaviour, but good reputation, for example).
It is a new feature of ENS 10.5 ATP to show which events McAfee categorised as "false positive", so you can screen for "false false positives".

rkokic (Level 9), Message 3 of 5

Re: Threat Prevention False Positive Mitigation


False positive:  so that these can be excluded?


vnaidu (Reliable Contributor), Message 5 of 5

Re: Threat Prevention False Positive Mitigation


@stemax1

This event occurs whenever the DAT suspects the file, but in this case the reputation of the file is good.


Venu