cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 1 of 22

How to handle C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\ with TIE

Jump to solution

Hi all,

under TIE Reputations i find a massive volume of files located in the directory C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\.....

This fills my TIE Database and shows a high amount of unknown file.

How this can be handeled?? Any idea??

Cheers

1 Solution

Accepted Solutions
Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 14 of 22

Re: How to handle C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\ with TIE

Jump to solution

Hi ​,

take a look at rule ID 137, 138 and 139 at the Adpative Threat Prevention Rule in the EPO Server Server Settings.

Cheers

21 Replies

Re: How to handle C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\ with TIE

Jump to solution

Hi,

have you had any feedback on this as this is also a problem for us

thanks

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 3 of 22

Re: How to handle C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\ with TIE

Jump to solution

Hi,

no answer at this time for this challenge.

Cheers

Re: How to handle C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\ with TIE

Jump to solution

Hi,

I'm encoutering the same exact behaviour. No info yet.

Re: How to handle C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\ with TIE

Jump to solution

I am going to log a ticket next week for this issue have either of you logged a ticket yet or resolved the issue?

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 6 of 22

Re: How to handle C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\ with TIE

Jump to solution

Hi,

at the moment we finished some TIE project. Some McAfee representative asked me to write down some "problems" or challenges in the projects. This information should be straight forwarded to the TIE product management.

Let´s see what happens.

At the moment i have no solution for this.

Cheers

Re: How to handle C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\ with TIE

Jump to solution

We've an opened ticket with Intel Security to investigate this (apparent) bug. No news till now, I'll keep you informed.

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 8 of 22

Re: How to handle C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\ with TIE

Jump to solution

Hi all,

try this script to whitelist the executables from your endpoint:

Let´s see if this helps.

There is also a new TIE Rules available. Perhaps this rule also changes something.

Rule 139 - Identify trusted DOTNet assemblies

Description:

This rule detects files that have CLR code (DOTNet) and have been installed into the global

assembly cache folders. The files are present on multiple machines within the enterprise,

indicating they are not just-in-time compiled assemblies.

Default State: Mandatory

Changes in this release

Changed how age and prevalence are handled in DOTNet validation algorithm

Cheers

Re: How to handle C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\ with TIE

Jump to solution

Hi,

have you had any more feedback from the tech support team? are you able to share your SR so I can add this info to my case as they are not aware of any issue when speaking to the support

thanks

Trevor

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 10 of 22

Re: How to handle C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\ with TIE

Jump to solution

Hi,

for Servers i solved it for my own. It´s some kind of woraround but no solution. We implemented a script to whitelist any EXE and DLL on TIE. After doing this, the messages have been gone.

At the moment i do not know why this solved the problem, therefore it´s a workaround for me.

Cheers

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator