Environment:
TIE server x2
DXL broker x2
ATD x1
Hi al
During the weekend one of our customers perfomed Windows updates and these were clasify by ATD as Most Likely Malicious/might be Malicious
The ATD seems to be the only one available for these files. GTI reputataion seems to have been queried, since Not Set as per docs, would mean the file does not exist in GTI.
So next checking would have been Certificate GTI reputation. I assume this didn't occur since these are all Microsoft files hence if the Certificate is queried succesfully, these would have come back as Might be Trusted minimum. Besides, as per docs, repuation Not Available which could mean GTI is unreachable.
Quetion is: What is need for TIE to be able to query Certificate GTI reputation?
Is SSL inspection involved in this process?
Thanks
You Deserve an Award
Community Help Hub
-
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
- Find Forum FAQs
- Learn How to Earn Badges
- Ask for Help
Join the Community
-
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:
- Get helpful solutions from McAfee experts.
- Stay connected to product conversations that matter to you.
- Participate in product groups led by McAfee employees.
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA