cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Clients still appear to go direct for GTI Lookups

We have implemented TIE and DXL but even though all appears in order and all system are connected to the TIE server, I am still seeing large amounts of lookups going to 161.69.165.19 directly to the proxy server rather than TIE. Logs on the TIE appear to indicate that TIE is doing lookups and the systems that are reported as doing the direct lookups are reporting that they are connected. What am I missing?
7 Replies
Highlighted
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 8

Re: Clients still appear to go direct for GTI Lookups

The client machine would directly make a connection to the GTI only if the ATP module is not installed or when the DXL client is unable to connect to the DXL broker.

If you open the ENS console, check the connection status within the Adaptive Threat protection and see if this is listed as 

TIE-ATP.JPG

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

 
Highlighted

Re: Clients still appear to go direct for GTI Lookups

The client is reporting that its connecting fine to the DXL broker in ePO.

Highlighted
Former Member
Not applicable
Report Inappropriate Content
Message 4 of 8

Re: Clients still appear to go direct for GTI Lookups

How the connectivity information in the ATP console ?

Highlighted

Re: Clients still appear to go direct for GTI Lookups

Where do I look? The only thing I can see linked to lookup's is \ProgramData\McAfee\Endpoint Security\Logs\gti_error.log. I am seeing a number of errors in that log like below probably linked to SSL inspection.

httpconnection::SendRequest invalid server certificate.

ATP should be going to the TIE for its reputations...

 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 8

Re: Clients still appear to go direct for GTI Lookups

Hi @cybercop 

Can you please kindly help us with the specific destination address the endpoint is trying to reach?  The entire list of addresses we use is in this KBA.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
Highlighted

Re: Clients still appear to go direct for GTI Lookups

Thats the issue. The endpoint is supposed to be going to the TIE Server but it appears that a number don't. I'll log a call with McAfee to check it out. There's a couple of issues with ATP anyway. Thanks for trying.

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 8

Re: Clients still appear to go direct for GTI Lookups

Hi @cybercop 

Thanks for your response. Logging a Service Request is an excellent idea! The reason behind my request to know the destination address is to understand the "type" of look up. Not all GTI look ups are related to determination of file reputation! Hence some of these cannot be sent to GTI.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community