The client machine would directly make a connection to the GTI only if the ATP module is not installed or when the DXL client is unable to connect to the DXL broker.
If you open the ENS console, check the connection status within the Adaptive Threat Protection and see if this is listed as
Where do I look? The only thing I can see linked to lookups is \ProgramData\McAfee\Endpoint Security\Logs\gti_error.log. I am seeing a number of errors in that log like below, probably linked to SSL inspection.
httpconnection::SendRequest invalid server certificate.
ATP should be going to the TIE for its reputations...
Can you please kindly help us with the specific destination address the endpoint is trying to reach? The entire list of addresses we use is in this KBA.
That's the issue. The endpoint is supposed to be going to the TIE Server but it appears that a number don't. I'll log a call with McAfee to check it out. There's a couple of issues with ATP anyway. Thanks for trying.
Thanks for your response. Logging a Service Request is an excellent idea! The reason behind my request to know the destination address is to understand the "type" of lookup. Not all GTI lookups are related to determination of file reputation! Hence some of these cannot be sent to GTI.