
Use the Event Manager and McAfee ePO Dashboards to see the files and certificates that are allowed
or blocked based on the policies.
You can view detailed information in the Event Manager by system (computer), file, rule, or certificate
and quickly see the number of items identified and the actions taken. Based on the information you
see, you can adjust the reputation settings for specific files or certificates so that appropriate action is
taken.
For example, if a file's default reputation is suspicious or unknown but you know it's a trusted file, you
can change its reputation to trusted so that it runs in your environment without blocking or prompting.
This is especially useful for internal or custom files used in your environment.
• Use the TIE Reputations feature to search for a specific file or certificate name. You can view details
about the file or certificate, including the company name, SHA-1 Hash, description, and McAfee GTI
information. For files, you can also access VirusTotal data directly from the TIE Reputations details
page to see additional information.
• If you identified a harmful or suspicious file, you can quickly see which systems ran the file and
might be compromised.
• Change a file or certificate's reputation as needed for your environment. The information is
immediately updated in the database and sent to all devices in your environment. Files and
certificates are blocked or allowed based on their reputation.
If you're not sure what to do about a specific file or certificate, you can block it from running while
you learn more about it. Unlike a VirusScan Enterprise Clean action, which might delete the file,
blocking keeps the file in place but doesn't allow it to run. The file stays intact while you research it
and decide what to do.
• Import file or certificate reputations into the database to allow or block specific files or certificates
based on other reputation sources. This allows you to use those settings for specific files and
certificates without having to set them individually on the server.
Submitting files for further analysis
If a file's reputation is unknown or uncertain, you can submit it to Advanced Threat Defense for further
analysis.
Advanced Threat Defense detects zero-day malware and combines anti-virus signatures, reputation,
and real-time emulation defenses. Files can be sent from Threat Intelligence Exchange to Advanced
Threat Defense automatically based on their reputation level and file size.
Threat Intelligence Exchange also includes a Product Improvement Program where file information is
sent directly to McAfee for analysis and to collect file reputation information. The following anonymous
information is sent to McAfee and is used to further understand and enhance reputation information.
McAfee does not collect personally identifiable information, and does not share information outside of
McAfee.
• File and certificate information
• Threat Intelligence Exchange server and module versions
• Reputation override settings made with the Threat Intelligence Exchange server
• External reputation information, for example from Advanced Threat Defense
Using Threat Intelligence Exchange
Getting started with Threat Intelligence Exchange
McAfee Threat Intelligence Exchange 1.0.0 Product Guide