We could really use a Best Practice guide. We have deployed TIE and are analyzing the results. So far the results are promising, but we have some questions that a BP guide would/should address.
For TIE reputations and policy, does one reputation take precedence over another? Does Certificate reputation override File, and also Enterprise and GTI reputation? It's not at all clear how all these reputations work together in a policy. How do we submit files/certs to Mcafee and have them validate them? I see dozens of files from Adobe and MS that have no reputation at all from GTI or Enterprise. I really can't switch from monitor to blocking with so many files showing as either not set or not available. Anyone have any guidance ?