in some cases, I find malicious files which have been analysed by ATD, will not marked as KNOW MALICIOUS or MIGHT BE MALICIOUS in TIE.Does somebody know, why this accours?
0) Which TIE Version 1.X or 2.0?
1) Aree those EXE or DLL?
2) We only see .EXE Files which received feedback from the ATD that change the "Composite Reputation"
Check the rules in TIE 2.0 under Server Settings?
the problem was that no DXL TAG for ATD was set in ePO in the System Tree.
Therefore not all information have been added into the TIE DB.
Added Tag: ATDDXL to the device.
This has solved problem!