cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 10
Report Inappropriate Content
Message 1 of 1

Certificate GTI reputation not happening

Environment:

TIE server x2

DXL broker x2

ATD x1

 

Hi al

During the weekend one of our customers perfomed Windows updates and these were clasify by ATD as Most Likely Malicious/might be Malicious

 
 

ATD detections.jpg

 

The ATD seems to be the only one available for these files. GTI reputataion seems to have been queried, since Not Set as per docs, would mean the file does not exist in GTI.

So next checking would have been Certificate GTI reputation. I assume this didn't occur since these are all Microsoft files hence if the Certificate is queried succesfully, these would have come back as Might be Trusted minimum. Besides, as per docs, repuation Not Available which could mean GTI is unreachable.

TIE Doc.jpg

 

 

Quetion is: What is need for TIE to be able to query Certificate GTI reputation?

Is  SSL inspection involved in this process?

Thanks

 

 

 

 

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community