cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
User57094076
Level 7
Report Inappropriate Content
Message 1 of 9
‎05-27-2020 12:22 PM

Devices Communicating over TLS 1.0 with Mcafee

Jump to solution
Few devices are communicating with the below IPs over TLS 1.0. Are these GTI IPs? Want to know why this communication is happening and is it a secure communication? 161.69.169.19/ 161.69.169.18/ 161.69.169.63/ 161.69.169.59/ 161.69.169.26/ 161.69.169.60/ 161.69.169.16/ 161.69.169.20/ 161.69.169.57/ 161.69.169.25/ 161.69.169.56/
0 Kudos
Reply
1 Solution

Accepted Solutions
Highlighted
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 9
‎05-27-2020 02:55 PM

Re: Devices Communicating over TLS 1.0 with Mcafee

Jump to solution

Dat reputation gti requests are made over port 443, which is ssl encrypted communication.  There is no identifiable information sent to be worried about.  Your updates may come from your epo server to your endpoints, but the reputation check will occur over internet to validate there are no known issues with the dat file.

ENS/TIE/VSE and other point products use GTI for heuristics scanning (also known as artemis or the sensitivity level in the on access scanning policies).  These are simply dns requests that send a hash of the file in question to our servers.  That is the only info sent and contains no information that can be of any value to anyone else.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

0 Kudos
Reply
8 Replies
Highlighted
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 9
‎05-27-2020 02:14 PM

Re: Devices Communicating over TLS 1.0 with Mcafee

Jump to solution

Yes, those are gti addresses.  See KB53735.  See also KB55986 for dat reputation gti and health check communication, which is over 443 and encrypted.  

Regarding gti:

Any suspicious files found that do not trigger existing signature DAT files, GTI sends a DNS request to a central database server. McAfee Labs hosts the server. This server is continually updated when new malware is found. When the GTI Cloud at McAfee Labs receives the request from the GTI File Reputation enabled endpoint, it determines whether this program is suspicious and responds appropriately.

I have privacy concerns - what information is sent to McAfee?
The data sent never includes any part of any file scanned, so there is no chance of any information leaks. Any lookup is performed only on suspicious files and consists of a 32-byte fingerprint generated and sent to the GTI Cloud. A response is given if the fingerprint is determined to be a malicious file.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Highlighted
User57094076
Level 7
Report Inappropriate Content
Message 3 of 9
‎05-27-2020 02:45 PM

Re: Devices Communicating over TLS 1.0 with Mcafee

Jump to solution

Thanks for the articles, they were very helpful...though i have more questions..

Im looking more towards the communication between my endpoint devices and the GTI

1-My endpoint devices take updates from ePO.. In which case do they communicate directly to GTI Over the internet ?

2-Regarding checking unknown file reputation from GTI,  does  this happen only in case where I am using TIE or it happens in ENS also?

3. They are communicating over TLS 1.1. Is it safe? as TLS 1.1 is vulnerable.

0 Kudos
Reply
Highlighted
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 9
‎05-27-2020 02:55 PM

Re: Devices Communicating over TLS 1.0 with Mcafee

Jump to solution

Dat reputation gti requests are made over port 443, which is ssl encrypted communication.  There is no identifiable information sent to be worried about.  Your updates may come from your epo server to your endpoints, but the reputation check will occur over internet to validate there are no known issues with the dat file.

ENS/TIE/VSE and other point products use GTI for heuristics scanning (also known as artemis or the sensitivity level in the on access scanning policies).  These are simply dns requests that send a hash of the file in question to our servers.  That is the only info sent and contains no information that can be of any value to anyone else.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

0 Kudos
Reply
Highlighted
User57094076
Level 7
Report Inappropriate Content
Message 5 of 9
‎05-27-2020 03:40 PM

Re: Devices Communicating over TLS 1.0 with Mcafee

Jump to solution
Thanks a lot Thanks a lot cdinet😃
0 Kudos
Reply
Highlighted
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 9
‎05-28-2020 03:42 AM

Re: Devices Communicating over TLS 1.0 with Mcafee

Jump to solution

Glad to assist!

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Highlighted
User57094076
Level 7
Report Inappropriate Content
Message 7 of 9
‎06-01-2020 04:49 AM

Re: Devices Communicating over TLS 1.0 with Mcafee

Jump to solution

Hi, I also wanted to know why this communication is happening over TLS1.1? We need to remove TLS 1.1 from our devices as it is vulnerable. Why is McAfee using a vulnerable protocol?

0 Kudos
Reply
Highlighted
User57094076
Level 7
Report Inappropriate Content
Message 8 of 9
‎06-01-2020 05:20 AM

Re: Devices Communicating over TLS 1.0 with Mcafee

Jump to solution

Correction on the above post.... why is it happening over TLS1.0. It is Is vulnerable* 

0 Kudos
Reply
Highlighted
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 9
‎06-01-2020 06:18 AM

Re: Devices Communicating over TLS 1.0 with Mcafee

Jump to solution

This may answer your question.  Upgrade to ENS 10.7

https://kc.mcafee.com/agent/index?page=content&id=KB91763

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC