cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
iverbuyst
Level 9
Report Inappropriate Content
Message 1 of 3
‎03-31-2021 10:40 PM

TIE - PE Executable in excluded folder shown on TIE Reputation Page

Jump to solution

Hello,

We've excluded a folder in OAS to prevent ATP from getting trigged when an executable is executed from that folder.

When we execute an executable from that folder we see an entry in the AdaptiveThreatProtection_Activity log that the executable is excluded from scanning, which is as expected. But we see the executable appearing on the TIE Reputation Page as unknown.

Is it normal that a file that has been excluded gets an entry on the TIE server?

Best Regards,

Ivan 

0 Kudos
Reply
1 Solution

Accepted Solutions
bbarnes
Employee
Employee
Report Inappropriate Content
Message 2 of 3
‎04-01-2021 09:06 AM

Re: TIE - PE Executable in excluded folder shown on TIE Reputation Page

Jump to solution

Hello iverbuyst, 

 

This question would likely be better answered in the ENS group as it is their functionality involved. Based on some quick testing I have done it appears that the file is skipped for TIE evaluation (No reputation request, etc) however the metadata of the file may be sent over to TIE server. Metadata submission is an out of band operation with reputation requests. 

 

Thanks

Brian 

View solution in original post

Reply
2 Replies
bbarnes
Employee
Employee
Report Inappropriate Content
Message 2 of 3
‎04-01-2021 09:06 AM

Re: TIE - PE Executable in excluded folder shown on TIE Reputation Page

Jump to solution

Hello iverbuyst, 

 

This question would likely be better answered in the ENS group as it is their functionality involved. Based on some quick testing I have done it appears that the file is skipped for TIE evaluation (No reputation request, etc) however the metadata of the file may be sent over to TIE server. Metadata submission is an out of band operation with reputation requests. 

 

Thanks

Brian 

Reply
iverbuyst
Level 9
Report Inappropriate Content
Message 3 of 3
‎04-03-2021 02:01 AM

Re: TIE - PE Executable in excluded folder shown on TIE Reputation Page

Jump to solution

Hello @bbarnes ,

Thanks for testing and confirming the behavior that we see.

Best Regards,

Ivan

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC