Former Member
Message 1 of 5

Threat Prevention False Positive Mitigation


Hi,

Product: Endpoint Security 10.5 + McAfee TIE + DXL + ATP

I don't understand this event:

  • event ID 34928
  • Detecting Product Name: McAfee Endpoint Security
  • Event Description: Threat Prevention False Positive Mitigation
  • Description: Riduzione dei falsi positivi

What does this event mean? I cannot understand.

 

 

 

1 Solution

Accepted Solutions
akatt
McAfee Employee
Message 4 of 5

Re: Threat Prevention False Positive Mitigation


The event can be triggered when DATs convict a file, but the reputation of the file is not-malicious.  It requires that ATP is enabled, and that GTI connectivity is online, so that Real-Protect's (part of ATP) behavioral/dynamic scanner can mitigate the false.  It is much like producing a false detection with DAT content, but then changing the reputation of the hash using the TIE server, to prevent the detection from occurring.  ATP false-positive mitigation essentially provides an automated method of recovering from a DAT false.

 


4 Replies
bertels
Level 9
Message 2 of 5

Re: Threat Prevention False Positive Mitigation


Hi,

I believe that:
ENS automatically does false positive mitigations (bad behaviour, but good reputation, for example).
It is a new feature of ENS 10.5 ATP to show what events McAfee categorised as "false positive", so you can screen for "false false positives".

rkokic
Level 9
Message 3 of 5

Re: Threat Prevention False Positive Mitigation


False positive:  so that these can be excluded?


Re: Threat Prevention False Positive Mitigation


@Former Member

This event occurs whenever the DAT suspects the file, but in this case the reputation of the file is good.

 

Venu
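
The review that the replies describe (checking which detections were auto-mitigated, and screening for "false false positives") can be scripted over an event export. The sketch below is an added example, not McAfee code and not part of any post in this thread; the CSV column names, host names, hash labels and the `DETECTION` marker are constructed assumptions, and only event ID 34928 comes from the thread.

```python
import csv
import io
from collections import defaultdict

FP_MITIGATION_EVENT_ID = "34928"  # event ID quoted in the thread

# Constructed sample export. Column names, hosts, hash labels and the
# "DETECTION" marker are assumptions for illustration, not an ePO schema.
SAMPLE_EXPORT = """\
event_id,host,file_hash,detection_name
34928,ws-01,HASH_A,Constructed.Detection.1
34928,ws-02,HASH_A,Constructed.Detection.1
DETECTION,ws-03,HASH_A,Constructed.Detection.1
34928,ws-01,HASH_B,Constructed.Detection.2
DETECTION,ws-04,HASH_C,Constructed.Detection.3
"""


def review_queue(export_text):
    """Group rows by file hash and report every hash with a mitigation event.

    Returns {hash: {"mitigated_on": [...], "convicted_on": [...]}}.
    "convicted_on" lists hosts where the same hash was detected without a
    mitigation event, e.g. hosts where ATP or GTI connectivity is missing.
    """
    mitigated = defaultdict(set)
    convicted = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        is_mitigation = row["event_id"].strip() == FP_MITIGATION_EVENT_ID
        target = mitigated if is_mitigation else convicted
        target[row["file_hash"].strip()].add(row["host"].strip())
    return {
        h: {"mitigated_on": sorted(hosts),
            "convicted_on": sorted(convicted.get(h, ()))}
        for h, hosts in mitigated.items()
    }


def inconsistent_hashes(queue):
    """Hashes mitigated on some hosts but still convicted on others."""
    return sorted(h for h, v in queue.items() if v["convicted_on"])


if __name__ == "__main__":
    queue = review_queue(SAMPLE_EXPORT)
    for file_hash, info in sorted(queue.items()):
        print(file_hash, info)
    print("inconsistent:", inconsistent_hashes(queue))
```

Every hash in the returned queue is a candidate for manual reputation review; hashes reported by `inconsistent_hashes` additionally point at hosts whose ATP or GTI status is worth checking.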