3 Replies Latest reply on Jan 3, 2017 8:53 AM by Troja

    Upload a golden Image to TIE including Reputation and Comment (Sample Script)

    Troja

      NB: This is a free tool and it is not supported by McAfee / Intel Security or us! :-D

       

      Hi all,

      has anyone used the Tiescanner Tool? Yes, it is fine, but you cannot change the Reputation Level in TIE.

      The actual projects at our customers are showing a massive amount of unknown files. 200000 to 400000 unknown files are usual. This huge amount of information is often hard for the customers.

       

      What is it?

      The script to whitelists any *.exe and *.dll File in TIE. Thanks to zoki1978

       

      How does it work?

      The script generates a md5 hash and a sha1 hash of the file. Afterwards the TIE Reputation string is generated. This string is sent to EPO.

      EPO writes the reputation to TIE.

       

      Installation

      1. Download the python Remote Client to the system where you want to whitelist files. You can download the Python Client directly from the EPO Software Manager.
        Look here for details: Convicter – Utilize VirusTotal with TIE/DXL to convict files automatically
      2. Copy the attached files into the directory where you installed the python client. (addTIEreputation.py, mcafee.py, urlquote.py)
      3. Change the values in addTIEreputation.py as needed.
        TIE1.GIF
      4. Start the script using python.exe addTIEreputation.py.
      5. If anything is fine, you should see the entry under TIE Reputations.

      TIE2.GIF

       

      If you have any ideas let´s enhance this script.

      At the moment we have no information if the Company Name, Product Name and File Version can be added. Perhaps a McAfee SE has an information for us. :-)

       

      Have fun,

      Cheers