1 Reply Latest reply on Jan 31, 2017 4:19 AM by Troja

    ATD Sandbox Global Settings

    bretzeli

      Hello,

      Does anyone want to comment on this one before we do from our side? This is regarding the use of ATD in addition to TIE, and skipping the files which we WOULD have to manually approve in TIE (ATP).

      * What is the purpose of that value?

      * A 100-line script loader which pulls malware from the WAN is not worth scanning?

      Are all EXTENSIONS and FILE FORMATS you can select now supported with ENS 10.5 and the latest TIE > ATP module in 10.5 and the latest TIE releases?

      Regards

      Mike

        • 1. Re: ATD Sandbox Global Settings
          Troja

          Hello,

          No, ATD can inspect more file types than ENS is sending to ATD. At the moment ENS only triggers TIE when a PE is executed.

          At the moment we are trying to figure out how ENS queries TIE in detail and under which circumstances the file is afterwards uploaded to ATD.

          Also, TIE is able to manage more file types than ENS will query or send (files are uploaded to ATD from the TIE Server, not from the endpoint).

          The global settings for files also really make sense when MWG is using TIE and ATD. With MWG any file can be uploaded to ATD. Therefore the minimum file size and maximum file size make sense, because any file type has a minimum file size. If this is not reached, e.g. for a ZIP file, it could not be such a file type.

          If you think this is not okay, you may change the file size.

          Finally, McAfee does not specify what must be scanned, which file type or file size. This is, at the end of the day, the decision of the customer. So we just take a look at what is possible and what is not possible, which settings make sense for a customer and which do not, what the defined goal at the customer is, what risks are clear to the customer and what the decision makers have defined. Based on all of this information we change the values as best as possible.

          Cheers
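
Added example (not from the thread and not McAfee code): a sketch of the size reasoning discussed above, comparing a per-type structural minimum with a single global minimum as a pre-filter before sandbox submission. The function names, sample bytes and the 2048-byte floor are constructed assumptions, not ATD defaults.

```python
# Added example: size limits as a sandbox pre-filter. All thresholds are constructed.

# Smallest size at which a file can structurally be the type its magic bytes claim.
# ZIP: an empty archive is exactly the 22-byte end-of-central-directory record.
# PE: the e_lfanew field is at offset 0x3C of the DOS header, so 64 bytes are required.
TYPE_MINIMUM = {"zip": 22, "pe": 64}


def sniff_type(data: bytes) -> str:
    """Classify by leading magic bytes only; anything else is 'other' (scripts, text)."""
    if data[:2] == b"PK":
        return "zip"
    if data[:2] == b"MZ":
        return "pe"
    return "other"


def decide(data: bytes, global_min: int, global_max: int) -> str:
    """Return the hypothetical pre-filter verdict for one file."""
    size, kind = len(data), sniff_type(data)
    if size > global_max:
        return "skip: over maximum size"
    if size < TYPE_MINIMUM.get(kind, 0):
        return f"skip: too small to be a valid {kind}"
    if size < global_min:
        return "skip: under global minimum size"
    return f"submit as {kind}"


# Constructed sample inputs (inert bytes, not real files).
SAMPLES = {
    "empty.zip": b"PK\x05\x06" + b"\x00" * 18,      # 22 bytes: valid empty archive
    "truncated.zip": b"PK\x03\x04" + b"\x00" * 6,   # 10 bytes: cannot be a ZIP
    "loader.ps1": b"# stand-in for a short script loader\n" * 3,
}


def run_samples(global_min: int, global_max: int = 10 * 1024 * 1024) -> dict:
    return {name: decide(data, global_min, global_max) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for floor in (0, 2048):  # 2048 is an arbitrary illustrative floor
        print(floor, run_samples(floor))
```

With the floor at 0 only the structurally impossible ZIP is skipped; with the constructed 2048-byte floor the short script stand-in is skipped as well, which is the trade-off raised in the question.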