NB: This is a free tool and it is not supported by McAfee / Intel Security or us! :-D
Has anyone used the Tiescanner Tool?
Yes, it is fine, but you cannot change the Reputation Level in TIE.
The current projects at our customers are showing a massive number of unknown files. 200000 to 400000 unknown files are usual. This huge amount of information is often hard for the customers.
What is it?
How does it work?
The script generates an MD5 hash and a SHA-1 hash of the file. Afterwards the TIE reputation string is generated. This string is sent to ePO.
ePO writes the reputation to TIE.
If you have any ideas, let's enhance this script.
At the moment we have no information on whether the Company Name, Product Name and File Version can be added. Perhaps a McAfee SE has some information for us. :-)
Got feedback from a customer: the script ignores files with uppercase characters.
Change the script as follows.
# before: only lowercase extensions match
if file.endswith(".exe") | file.endswith(".dll"):
# after: compare the lowercased name so .EXE, .DLL and mixed case (.Exe) also match
if file.lower().endswith((".exe", ".dll")):
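The hashing and string-building steps described above, as an added example that is not the Tiescanner script itself. The entry layout (base64-encoded digests plus a numeric reputation), the level 99 and all function names are assumptions, since the page does not show the string format; nothing is sent to ePO.

```python
import base64
import hashlib
import json
import os
import tempfile

EXTENSIONS = (".exe", ".dll")   # compared against the lowercased file name
KNOWN_TRUSTED = 99              # assumed TIE level; not stated on the page


def hash_file(path, chunk_size=1 << 20):
    """Return (md5, sha1) raw digests, reading the file once in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.digest(), sha1.digest()


def build_file_reps(root, reputation=KNOWN_TRUSTED):
    """Walk root and build one reputation entry per .exe/.dll, any case."""
    reps = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(EXTENSIONS):
                continue
            try:
                md5, sha1 = hash_file(os.path.join(folder, name))
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
            reps.append({
                "sha1": base64.b64encode(sha1).decode("ascii"),
                "md5": base64.b64encode(md5).decode("ascii"),
                "reputation": str(reputation),
            })
    return reps


def demo():
    """Constructed sample tree: three matching names and one that is skipped."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("tool.exe", "LIB.DLL", "Setup.Exe", "readme.txt"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(name.encode())
        return build_file_reps(root)


if __name__ == "__main__":
    print("fileReps=" + json.dumps(demo()))
```

Unreadable files are skipped rather than aborting the scan, so a count of skipped paths is worth logging before trusting the result as complete.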
I wonder if it is a better idea to import only those hashes that currently have an unknown reputation. Because, as we know, assigned enterprise reputations will not be overwritten by GTI reputations. Thus, if for some reason the reputation of the file changes in GTI, it will not be reflected in the TIE database. The script presented here helps to import every file independent of its GTI reputation. By contrast, the GetClean tool makes a list of only those files that have an unknown reputation. But populating this list directly to TIE is not designed into GetClean; instead it allows uploading those files to GTI.
I wonder if anyone has seen a script or knows a way to scan a golden image for unknowns and set their reputation directly in the TIE server?