cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Omriil
Level 9
Report Inappropriate Content
Message 1 of 4

is it possible to control which clients reach the TIE server?

Jump to solution

Hi, We are trying to deploy TIE Server for a big environment.

is there a possibility to let only specific systems\groups\tags to use TIE and other systems will NOT use TIE at all - won't send hashes to the TIE DB and won't get reputation from TIE.

Is that possible? if so then how?

2 Solutions

Accepted Solutions
bbarnes
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: is it possible to control which clients reach the TIE server?

Jump to solution

Hello Omriil, 

 

Whether or not a machine leverages TIE data is typically up to the endpoint software that will be using that data. For instance ENS with the ATP module can consume TIE reputation if it is enabled. 

Disabling ATP in the Endpoint Security Adaptive Threat Protection : Policy Category > Options policy would prevent the machine from leveraging the TIE server for data. A policy could be created with this enabled/disabled and assigned out at your discretion. 

Unfortunately TIE server itself has no measure of control over the requestors of data. In fact it is not aware of the machines at all by Name or IP address by design.

Another alternative would be leveraging the DXL Client policy option to "Disable Communication". Which would prevent the Client machine from leveraging DXL at all. 

 

Thanks

Brian

View solution in original post

Omriil
Level 9
Report Inappropriate Content
Message 3 of 4

Re: is it possible to control which clients reach the TIE server?

Jump to solution

Thanks a lot for the answer!

Apart from what you said, I've opened a SR for this question and they mentioned a method from this KB:

https://kc.mcafee.com/corporate/index?page=content&id=KB91155

Looks effective but I haven't tried it yet.

View solution in original post

3 Replies
bbarnes
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: is it possible to control which clients reach the TIE server?

Jump to solution

Hello Omriil, 

 

Whether or not a machine leverages TIE data is typically up to the endpoint software that will be using that data. For instance ENS with the ATP module can consume TIE reputation if it is enabled. 

Disabling ATP in the Endpoint Security Adaptive Threat Protection : Policy Category > Options policy would prevent the machine from leveraging the TIE server for data. A policy could be created with this enabled/disabled and assigned out at your discretion. 

Unfortunately TIE server itself has no measure of control over the requestors of data. In fact it is not aware of the machines at all by Name or IP address by design.

Another alternative would be leveraging the DXL Client policy option to "Disable Communication". Which would prevent the Client machine from leveraging DXL at all. 

 

Thanks

Brian

Omriil
Level 9
Report Inappropriate Content
Message 3 of 4

Re: is it possible to control which clients reach the TIE server?

Jump to solution

Thanks a lot for the answer!

Apart from what you said, I've opened a SR for this question and they mentioned a method from this KB:

https://kc.mcafee.com/corporate/index?page=content&id=KB91155

Looks effective but I haven't tried it yet.

dfirstbr
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: is it possible to control which clients reach the TIE server?

Jump to solution

Hi Omriil

Just to make sure that you're fully aware, 'bbarnes' suggestion\recommendation i.e. "Another alternative would be leveraging the DXL Client policy option to "Disable Communication" would prevent the Client machine from leveraging DXL at all." This would be the simplest way of configuring the DXL client. I've attached a screenshot to highlight the option - dxlpolicy.png.

It looks as though you have all you need to configure your device the way you requested.

Thank you for the question.

Regards
-dene

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community