Re: TIE Reputation questions

Well, not set in combination with no file names. I have 40000 files under this status. Let us know what you have found so far.

Reliable Contributor bretzeli
Message 12 of 20

Re: TIE Reputation questions

Same here, and we have seen this since the beginning, when we started the TIE project. We first thought it was coming from the ATD Sandbox and that it gave some files back wrong, or the PROCESS was interrupted at some point (like when you reboot the ATD once). We also noticed that these files are on a lot of machines in the enterprise.

Re: TIE Reputation questions

I have deployed ENS 10.5.1 and recently I have started deploying TIE in a test environment, and I am facing the same issues. In TIE reputations, Chrome.exe shows an Unknown composite reputation, and the other reputations are either not available or not set. Is this normal for a popular application like chrome.exe?

Further, I have integrated it with VirusTotal, but for each file I need to manually retrieve the reputation on the VirusTotal tab. Isn't it automatic for all unknown reputation files?

Re: TIE Reputation questions

I figured out that when I select the file manually on the TIE reputation dashboard and run Refresh GTI Reputation manually from the action tab, the file status is refreshed to Known trusted. Now I have a doubt: why doesn't it get refreshed automatically? Is there any setting available for that?

Re: TIE Reputation questions

Same issues here. When I pushed ATP on more than 10 systems, I had a lot of unknown files generated with only a hash value.

Reliable Contributor bretzeli
Message 16 of 20

Re: TIE Reputation questions

Ok:

McAfee has to move now with the TIE and ATD. There are several other problems we and others currently have. Like the Framework 2.0 assemblies, which have a different MD5 checksum on every machine and are rated as "Unknown", and these DO not run on strict customer sites.

The WannaCry weekend did put some pressure on this and we want it working. Those are customers who spent above 250'000.- on McAfee products.

How do we do that with the EMPTY files we talk about?

Each one of us OPENS a ticket and escalates?

At least we want to know:

a) Where they come from

b) How I can EXCLUDE/DELETE the files with a script or with the GUI

Reliable Contributor Troja
Message 17 of 20

Re: TIE Reputation questions

Hello,

Just a piece of information from my side. We are supporting many TIE installations. The screenshots here are looking really special. We do not see this behavior in our internal environment and also not at the customer. In many cases Company Name, Product Name, File Version are not available in TIE. This is working as designed. From my point of information, if a file is known trusted the TIE Server does not request the file details from the endpoint. But the filename should be available.

How about the TIE Environment, is there anything shown fine in the EPO Server Settings?

How about the ENS logs?

How about the TIE Server logs directly located on the appliance?

Cheers

TIE_Status.jpg

Reliable Contributor bretzeli
Message 18 of 20

Re: TIE Reputation questions

The other customers also with the ATD Sandbox giving back info to the TIE? Or just TIE and MGW?

At first we always thought those are mandatory GTI hashes they are currently investigating BUT only have the MD5 checksums, and McAfee wants to make sure that the customers already have the HASHES in their TIE environments.

We do NOT submit any MD5 or files to GTI upwards. The customers want everything ONPREMISE and NO info published to GTI. Maybe that's the difference we have?

Here is one setting...

Reliable Contributor bretzeli
Message 19 of 20

Re: TIE Reputation questions

Throsten,

We have NO ENS Logs because we can't see WHERE it did run on some of those TIE files.

On others we just see a GUID or the GUID together with clients. Where we see the clients, I assume there is no error in the LOCAL ENS logs. It would be the ones with the GUID.

I am unsure if the GUID has anything to do with the McAfee Agent or KEY. But it should be the AGENT-GUID.

Maybe when the AGENT migrates from 5.X upwards the ATP/TIE module still works or moves files AROUND, and during that time this happens?

Here are the Versions we run there:

Agent 5.0.5.658 

McAfee DXL Client 3.0.0.285 

Endpoint Security Platform 10.5.1.1190 

DLP Endpoint 10.0.200.392 

Endpoint Security Adaptive Threat Protection 10.5.1.1163 

Endpoint Security Threat Prevention 10.5.1.1261

If we do where has it run:

Reliable Contributor bretzeli
Message 20 of 20

Re: TIE Reputation questions

It looks like this is solved for 10.2.X BUT still open to date 10.08.2017 for 10.5.X.

We have the same with 10.5.1 and the latest version of all involved products EXCEPT the DXL client. Some 3.0 release but not the newest.
