
Composite Reputation Unknown - GTI Reputation Known Trusted

Hello,

In the TIE reputation we've noticed that some files got an Unknown composite reputation but the GTI file reputation is Known Trusted. Is this because of the rule applied "4 v3 - Use GTI file reputation to identify trusted or malicious files" or is there another logical explanation for this?

 
Accepted Solutions
bbarnes
McAfee Employee

Re: Composite Reputation Unknown - GTI Reputation Known Trusted

Hello iverbuyst,

It is important to understand that the composite reputation is not something that is ever provided to the endpoints as a result of a reputation request. Instead TIE server will reply with all other available reputations (GTI, Enterprise, ATD, MWG, etc). The endpoint uses the rules (as you highlighted) to decide how to weigh and analyze those various reputations. Meaning, what the composite reputation shows has no real bearing on what the endpoint decides to do.

Instead, that column is meant to reflect the last "Actioned" reputation, to give you, the Administrator, an idea of how the file was last treated. In this case, the last endpoint update we received indicates the file was treated as an unknown. Potential causes for this:

1) The file was checked on an endpoint before GTI had a reputation available 

2) Potentially a GTI connection issue with TIE > GTI that presented itself at the time of execution

I am not sure what version of TIE you are running but in 3.0.1 we actually implemented some changes so if a GTI reputation update is made after the client request, we also reflect that in the composite reputation. 

If this continues to be a problem, I would recommend opening a ticket with support so we can review the logs around this. 

 

Thanks 
Brian Barnes

Re: Composite Reputation Unknown - GTI Reputation Known Trusted

Hello Brian,

We're using the TIE 301 so we would expect the Composite Reputation to be updated to the GTI Reputation.

We'll keep a close eye on it and if the number of inconsistencies increases we'll submit a SR.

Kind Regards,

Ivan
