During the weekend one of our customers perfomed Windows updates and these were clasify by ATD as Most Likely Malicious/might be Malicious
The ATD seems to be the only one available for these files. GTI reputataion seems to have been queried, since Not Set as per docs, would mean the file does not exist in GTI.
So next checking would have been Certificate GTI reputation. I assume this didn't occur since these are all Microsoft files hence if the Certificate is queried succesfully, these would have come back as Might be Trusted minimum. Besides, as per docs, repuation Not Available which could mean GTI is unreachable.
Quetion is: What is need for TIE to be able to query Certificate GTI reputation?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.