2 Replies Latest reply on Jul 7, 2017 11:11 AM by Jon Scholten

    GTI File Reputation Question

    matthew.stokes

      We're running version 7.5.2.8 MWG and we have "Enable GTI file reputation queries" enabled (see below). From everything I have read about GTI file reputation, I would expect to see the MWG's sending out DNS queries against the mcafee.com DNS servers with a hash of the file that is being scanned.

       

      But I have NEVER seen a DNS lookup for anything *.avts.mcafee.com  (i.e. x-0.19-a3000011.20580.16a8.b84.2fc7.200.0.divlrlqgrt8wqej5r3h1fspprv.avts.mcafee .com) from any of our Web Gateways. Does the file reputation piece work in a different way to the other products?

       

      For more info on what I think it's supposed to look like see GTI File Reputation - How it works ?