If you could inform me of the particular product you are referring to. I can move this discussion to a more appropriate area, to get better assistance.
Hello, I am referring to Threat Intelligence Exchange Server version 188.8.131.52.
3 of 3 people found this helpful
if you copy your framepkg.exe file from EPO master repository it is never listed in TIE als trusted. The file is signed by the EPO CA which is unique. There is also the sitelist.xml file included in the framepkg.exe which is always unique. Therefore TIE will never show this file as known trusted by Default.
We added the McAfee certificates to the Exclusion list in the Dynamic Application Containment Policy. You may test this if it helps.
Question 1: on which reputation threshold you are triggering DAC?
Question 2: Which DAC rules are active?
I activated the rules based on the "ens_10-5_BETA_DAC_rule_configuration_guide_v1.docx" and it is available in the McAfee Endpoint Security 10.5 Beta - ARCHIVED Group.
Hope this helps,
Thank you Thorsten
Thanks for the info that's very useful. I will join the 10.5 Beta group and read the guides. I am triggering DAC on "unknown" and was following DAC rules based on best practice guide https://kc.mcafee.com/corporate/index?page=content&id=KB87843 although I have since removed some of those rules.
Let us know if it was helpful, otherwise we can take a look to fix it :-)