It does what it does for EXE/DLL/DOC/XLS but NOT for PDF. For some it does, depending on HOW they enter the company (which way).
For the process "If file is already in TIE".....
I overlooked that he checked TIE before all others. I thought if I changed the order where I FIRST scan the sample, [1) W7 2) W10] VM or [1) W10 2) W7], then it would change....
For the full Trellix customer with McAfee Security for Exchange with TIE, Web Gateway with TIE, and DLP active (so no USB), all incoming new files would come in those two ways.
1) WAN Incoming http/https/smtp/s
2) MGW (Download) with TIE submit or McAfee Security for Exchange with TIE submit
3) File is KNOWN in TIE
4) File is SENT to ATD for analysis
5) ATD has the analysis option with all options "ON" and "Continue to run all Engines even after file is found malicious"
6) Then the FILE is always already in TIE and ATD just makes an INFORMATIONAL?
Then we don't have to send the PDF file to the ATD
Clearly, if the file were malicious, the info would be communicated to all endpoints with DXL.
But we also want the INFO in TIE for all files (GOOD/BAD)
Maybe what we want is option:
Existing: "Continue to run all Engines even after file is found malicious"
NEW: "Continue to run all Engines even after file is found INFORMATIONAL"?
Greetings from Switzerland