NB: This is a free tool and it is not supported by McAfee / Intel Security or us! :-D
Has anyone used the Tiescanner Tool? Yes, it is fine, but you cannot change the Reputation Level in TIE.
Current projects at our customers are showing a massive number of unknown files. 200000 to 400000 unknown files are usual. This huge amount of information is often hard for the customers to deal with.
What is it?
How does it work?
The script generates an MD5 hash and a SHA-1 hash of the file. Afterwards the TIE Reputation string is generated. This string is sent to EPO.
EPO writes the reputation to TIE.
If you have any ideas, let's enhance this script.
At the moment we have no information on whether the Company Name, Product Name and File Version can be added. Perhaps a McAfee SE has some information for us. :-)
Got feedback from a customer: the script ignores files with uppercase characters.
Change the script as follows: replace the first line below with the second.
if file.endswith(".exe") | file.endswith(".dll"):
if file.endswith(".exe") | file.endswith(".dll") | file.endswith(".EXE") | file.endswith(".DLL"):