
Re: Webgateway and Advanced Threat Defense (ATD) Integration


Thanks! So GAM (the regular AV engine) sets the rating which the ATD rule uses to send samples.

Where can I find information on how the GAM decides which rating is applied?

So I guess setting the threshold on the ATD rule below 50 doesn't make a difference?


Re: Webgateway and Advanced Threat Defense (ATD) Integration


How do you solve the problem if GAM says that the file is 0 and the Web GW doesn't send the file to ATD?
0-days will always have 0 value.

Message 13 of 15

Re: Webgateway and Advanced Threat Defense (ATD) Integration


Hi,

ATD as a regular scanner for MWG (two ATD analyzer profiles)

Q1: It is not possible to evaluate 2 conditions in parallel (start both scans at the same time, evaluate url categories and scan for malware, etc).

Q2: You can define as many ATD configurations as you want.

ATD and additional file types on risky sites

Standard rule covers all media types supported by ATD, but it seems the true media type of the downloaded file is not recognized by MWG, that's why you had to add odd-looking types like "force-download". Can you send me a mail with a link to a malware that has these specific media types?

ATD and offline scanning

Have you placed the "ATD - Handle Offline Scan" ruleset at the top of your policy? This error message means that either MWG was not able to connect to proxy.ip or no rule set handled the offline request, e.g. it was blocked by some other rule set before the "ATD - Handle Offline Scan" ruleset recognized it as an offline scan request.

Message 14 of 15

Re: Webgateway and Advanced Threat Defense (ATD) Integration


Hi,

ad Q1: Not at the moment. You just can use one profile. From my point of information "Analyzer Chaining" will be added in further releases of ATD. But note, there is no official information about this feature. From MWG perspective, you can configure several ATD configurations using different ATD users to map different Analyzer profiles.

Hmmmm, this is a cool idea, I will try this. 🙂

ad Q2: See Q1. Have not tested it. I do not know if there are any side effects.

Additional File Types: Hmmm, MWG identifies the true filetype: There are several different properties for File Types. If changing the behavior just check the ATD results if there are any reports with unsupported filetypes. I tested it, there was no problem except a high load on ATD. I sent too many files. 🙂

Handle offline scan; I used the information from , this worked in my environment. I just have troubles when adding these rules to a complex ruleset, there it has not worked.

Let me know if you have some different experience.

Cheers

Message 15 of 15

Re: Webgateway and Advanced Threat Defense (ATD) Integration


Finally did it 🙂

Posted my results here:
