It's difficult to compare the rules that TIE uses to the rule sets used by other vendors, since TIE is not used in isolation. TIE is designed to complement McAfee Endpoint Security or VirusScan, which include their own libraries of heuristics designed to identify and stop suspicious/malicious application behaviors.
The effectiveness of TIE's rules are continuously monitored by McAfee Labs, and may be tweaked or augmented at any time (similar to the heuristics included in the VirusScan engine and DATs). There is not a set update cycle.
the TIE content rules are only one of the mechanism to detect malicious behavior. Not any TIE Content rule detects behavior, many of them are only collecting meta data for later analysis.
a) Additonal you have the Exchange module for VSE Engine Rules, which you can find in the server settings of EPO.
b) It also depends if your system is classified as High Change System, Typical System or Low Change Systems. (TIEM Policy)
Finally you have the TIE server with much more logic like the enterprise count, first seen, last seen and much more.
Therefore, i think, you cannot compare this 1:1.
Additional some more information how the reputation is determined.
File and certificate reputation is determined when a file attempts to run on a managed system.
These steps occur in determining a file or certificate's reputation.
If Advanced Threat Defense is present, the following process occurs.
Hope this helps,