cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 1 of 5

Upload a golden Image to TIE including Reputation and Comment (Sample Script)

NB: This is a free tool and it is not supported by McAfee / Intel Security or us! :-D

Hi all,

has anyone used the Tiescanner Tool? Yes, it is fine, but you cannot change the Reputation Level in TIE.

The actual projects at our customers are showing a massive amount of unknown files. 200000 to 400000 unknown files are usual. This huge amount of information is often hard for the customers.

What is it?

The script to whitelists any *.exe and *.dll File in TIE. Thanks to

How does it work?

The script generates a md5 hash and a sha1 hash of the file. Afterwards the TIE Reputation string is generated. This string is sent to EPO.

EPO writes the reputation to TIE.

Installation

  1. Download the python Remote Client to the system where you want to whitelist files. You can download the Python Client directly from the EPO Software Manager.
    Look here for details:
  2. Copy the attached files into the directory where you installed the python client. (addTIEreputation.py, mcafee.py, urlquote.py)
  3. Change the values in addTIEreputation.py as needed.
    TIE1.GIF
  4. Start the script using python.exe addTIEreputation.py.
  5. If anything is fine, you should see the entry under TIE Reputations.

TIE2.GIF

If you have any ideas let´s enhance this script.

At the moment we have no information if the Company Name, Product Name and File Version can be added. Perhaps a McAfee SE has an information for us. :-)

Have fun,

Cheers

4 Replies

Re: Upload a golden Image to TIE including Reputation and Comment (Sample Script)

Many thanks for this script works like a legend

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 3 of 5

Re: Upload a golden Image to TIE including Reputation and Comment (Sample Script)

Got Feedback from a customer, the script ignores files with uppercase characters.

Change the script as follows.

     if file.endswith(".exe") | file.endswith(".dll"):

Change to

     if file.endswith(".exe") | file.endswith(".dll") | file.endswith(".EXE") | file.endswith(".DLL"):    


Cheers

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 4 of 5

Re: Upload a golden Image to TIE including Reputation and Comment (Sample Script)

Hi all,

​ uploaded a tool to whitelist Files in TIE using a nice UI. Take a look at the link.

Cheers

ta11
Level 9
Report Inappropriate Content
Message 5 of 5

Re: Upload a golden Image to TIE including Reputation and Comment (Sample Script)

I wonder if it is better idea to import only those hashes that have unknown reputation currently. Because as we know assigned enterprise reputations will not be overwritten by GTI reputations. Thus if in some reason reputation of the file will changed in GTI, it will not be reflected to TIE database. Presented here script helps to import every file independent of its GTI reputation. As opposite, GetClean tool makes list of only those files that have unknown reputation. But populating this list directly to TIE is not designed into GetClean, instead it allows to upload those files to GTI.

I wonder if anyone has seen script or knows the way how to scan golden image for unknows and set those reputation directly in TIE server?

 

rgds

T

ePO Support Center Plug-in
Check out the new ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.