When attempting to do file overrides in TIE Reputations it appears to require both the MD5 and SHA1 values of the file.
Often times we receive threat intel that lacks both a SHA1 and MD5.
When a TIE client sends queries up, has it precalculated the MD5, SHA1 and SHA256 already? If so, could this not be changed to allow for override entries to be created with any of these values?
McAfee answer would be : create a PER.
Now it is the moment to contact your technical account manager because the PER side is down and the new site is not active yet.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center