ssedhai
Level 9
Message 1 of 4

Violating the rule GTI Rule - Out and was Blocked.McAfee GTI was queried


I am trying to browse the page 

https://hrpayroll-se.ceridian.com/RedwoodSSO/default.aspx?

and the McAfee firewall blocked the access with the following log. 

chrome.exe tried to access 45.60.108.3, violating the rule GTI Rule - Out and was Blocked.
Analyzer / Detector
Product name McAfee Endpoint Security
Analyzer rule ID 842b58c7-c551-4e29-a30a-3d97566b0089
Analyzer rule name GTI Rule - Out
Analyzer technology version 10.6.1.1443
Product version 10.6.1
McAfee GTI query Yes
Feature name Firewall

Threat
Action taken Blocked
Threat category Intrusion detected
Threat event ID 35001
Threat handled Yes
Threat name GTI Rule - Out
Threat severity Alert
Threat timestamp 6/16/2020 10:59 AM
Threat type Intrusion

Source
Source access time 6/3/2020 5:03 PM
Source create time 11/12/2019 4:51 PM
Source description GOOGLE CHROME
Source device display name ST500LM000-1EJ162 ATA Device
Source device PID PCIIDE\IDEChannel\4&2eccbe94&0&0
Source device serial number PCIIDE\IDEChannel\4&2eccbe94&0&0
Source device VID PCIIDE\IDEChannel\4&2eccbe94&0&0
Source file path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Source file size 1847296
Source file hash 41B0D9EFFB60543D1D545A17CEF9C28C
Source IPV4 10.10.10.10
Source MAC ECF4BB077BDB
Source modify time 6/1/2020 8:07 PM
Source parent process hash 41B0D9EFFB60543D1D545A17CEF9C28C
Source parent process name chrome.exe
Source parent process signed Yes
Source parent process signer C=US, S=ca, L=Mountain View, O=Google LLC, CN=Google LLC
Source port 65509
Source process name chrome.exe
Source signed Yes
Source signer C=US, S=ca, L=Mountain View, O=Google LLC, CN=Google LLC
Source user name DOMAIN\username

Target
Target file size (bytes) 0
Target IPV4 45.60.108.3
Target parent process signed No
Target port 443
Target protocol TCP
Target signed No
Target user name DOMAIN\username

Other
Vector type Local System
Direction Outgoing
Duration before detection (days) 14
Description chrome.exe tried to access 45.60.108.3, violating the rule GTI Rule - Out and was Blocked.McAfee GTI was queried.
ICMP type 0
Throttled event count 1



 

I checked the reputation of the link and it is a valid business link with no issues. How do we update the GTI? I also tried to create a rule to allow it, but it didn't work. Has anyone had a similar issue? I think disabling the GTI is not the best option here. Please advise.

On the other hand, I have also mailed sites@mcafee.com about this issue. Thank you!


 

1 Solution

Accepted Solutions
Former Member
Not applicable
Message 2 of 4

Re: Violating the rule GTI Rule - Out and was Blocked.McAfee GTI was queried


Hi @ssedhai 

You've indeed followed the correct steps by emailing sites@mcafee.com - as described in https://kc.mcafee.com/corporate/index?page=content&id=KB90837 this is the correct way to dispute a rating.

You can also use the "Not trusted" option within the ENSFW Options policy to make an exception as described here: https://docs.mcafee.com/bundle/endpoint-security-10.6.0-firewall-client-interface-reference-guide-wi...
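For triaging events like the one in the original post before disputing a rating or adding an exception, the following added example (not part of the thread and not McAfee code) parses the pasted "label value" lines and checks whether the block came from a GTI reputation lookup rather than a custom firewall rule. The label list and sample are taken from the event shown in the post; the function names and the classification logic are assumptions made for illustration.

```python
# Added example; labels come from the event pasted in the post. The
# classification in triage() is a triage assumption, not McAfee logic.
LABELS = [
    "Analyzer rule name", "McAfee GTI query", "Feature name", "Action taken",
    "Source process name", "Source signed", "Source signer",
    "Target IPV4", "Target port", "Target protocol", "Direction",
]

# Constructed sample: a subset of the lines from the event in the post.
SAMPLE_EVENT = """
Analyzer rule name GTI Rule - Out
McAfee GTI query Yes
Feature name Firewall
Action taken Blocked
Source process name chrome.exe
Source signed Yes
Source signer C=US, S=ca, L=Mountain View, O=Google LLC, CN=Google LLC
Target IPV4 45.60.108.3
Target port 443
Target protocol TCP
Direction Outgoing
"""

def parse_event(text):
    """Split 'Label value' lines into a dict, trying the longest label first."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        for label in sorted(LABELS, key=len, reverse=True):
            if line.startswith(label + " "):
                fields[label] = line[len(label) + 1:].strip()
                break
    return fields

def triage(fields):
    """Summarise the block and flag whether a GTI lookup caused it."""
    gti_block = (
        fields.get("Feature name") == "Firewall"
        and fields.get("Action taken") == "Blocked"
        and fields.get("McAfee GTI query") == "Yes"
        and fields.get("Analyzer rule name", "").startswith("GTI Rule")
    )
    return {
        "gti_reputation_block": gti_block,
        "destination": "{}:{}/{}".format(fields.get("Target IPV4"),
            fields.get("Target port"), fields.get("Target protocol")),
        "process": fields.get("Source process name"),
        "process_signed": fields.get("Source signed") == "Yes",
        "direction": fields.get("Direction"),
    }
```

Calling `triage(parse_event(SAMPLE_EVENT))` gives a short summary of the destination, process, signing status and whether GTI was the cause, which is the information needed to decide between a rating dispute and a local exception.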


ssedhai
Level 9
Message 3 of 4

Re: Violating the rule GTI Rule - Out and was Blocked.McAfee GTI was queried


@Former Member I got a reply from the GTI team and the URL no longer hits the intrusion. Thank you!

Former Member
Not applicable
Message 4 of 4

Re: Violating the rule GTI Rule - Out and was Blocked.McAfee GTI was queried


Great news @ssedhai 🙂

Thanks for following up.
