cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PowerShell files reputation not getting updated in TIE reputation page

Hi Team,

I noticed that the PowerShell script file reputation is not getting populated in our TIE reputations page.

I have created a test PowerShell script and executed it however, the file reputation didn't update in the TIE reputation page.

I would like to understand how the files reputation gets updated in TIE reputation? And the files scanned by which scanner (ATP or OAS) updates the reputation?

Thanks in advance.

4 Replies
AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: PowerShell files reputation not getting updated in TIE reputation page

Hi @Satish_Talatam,

Thank you for your post. This is a good question.

Since we are running a PS script on your PC and expecting it to show up on TIE, it would mean that we are expecting ENS ATP should detect/scan the script and catch it's reputation of the file and send it to TIE Server.

However, ATP does scanning on the PE file here, which is a constant, Powershell.exe which is already registered in your TIE Server. The scripts are scanned via AMSI only with enhanced script scanning.

I sincerely hope this clarifies your query.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

Re: PowerShell files reputation not getting updated in TIE reputation page

@AdithyanT 

 

Thanks for the clarification.

If the ATP is only a process scanner and not the file scanner,  I can see some .doc and .xlsx files in the TIE reputation page.

Could you please clarify which scanner scanned these files ? and how the files reputation updates the TIE page? Was it by OAS or Active Response ?

AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: PowerShell files reputation not getting updated in TIE reputation page

Hi @Satish_Talatam,

Thank you for your response. That is an interesting point. OAS cannot cascade any information on files to TIE Server. However, the fact that you have word files on the TIE server without you adding it would mean I am wrong with respect to what ATP can send to TIE. May I request you to kindly log a service Request to confirm source of these files added to TIE server? Active response team can confirm this for us.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

Re: PowerShell files reputation not getting updated in TIE reputation page

@AdithyanT 

 

I have reviewed the .doc file in TIE reputation page and noticed that the machine where the file was identified doesn't have the MAR client installed. So this issue might not be from the MAR and hence raised the SR with TIE team.

Thanks,

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community