cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
iverbuyst
Level 9
Report Inappropriate Content
Message 1 of 3
‎04-03-2021 02:24 AM

ATP - PE Executable in excluded folder shown on TIE Reputation Page

Hello,

We've excluded a folder in OAS to prevent ATP from getting trigged when an executable is executed from that folder.

When we execute an executable from that folder we see an entry in the AdaptiveThreatProtection_Activity log that the executable is excluded from scanning, which is as expected. But we see the executable appearing on the TIE Reputation Page as unknown.

Is it normal that a file that has been excluded gets an entry on the TIE server?

Best Regards,

Ivan 

0 Kudos
Reply
2 Replies
Pravioz
Employee
Employee
Report Inappropriate Content
Message 2 of 3
‎04-04-2021 03:16 AM

Re: ATP - PE Executable in excluded folder shown on TIE Reputation Page

What type of file is shown in TIE page 

Please follow the KB Article: https://kb.mcafee.com/corporate/index?page=content&id=KB90588  

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Thanks and regards,
Praveen Anbu
0 Kudos
Reply
iverbuyst
Level 9
Report Inappropriate Content
Message 3 of 3
‎04-06-2021 11:36 PM

Re: ATP - PE Executable in excluded folder shown on TIE Reputation Page

@Pravioz 

The file type shown on the TIE page is Windows Portable Executable.

In the ATP activity logs we see that scanning has been turned off for this file based in on the OAS exclusion, but the file info is visible on the TIE page. 

So we want to know if it's normal that files that are excluded using OAS get an entry in the TIE page?

Also we would like to know what's the best practice for these files. Should we handle them als normal executables and give them an Enterprise Reputation if GTI is Not Set, or can we leave them be because they are excluded from scanning anyways?

Best Regards,

Ivan

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC