Threat Intelligence Exchange file and certificate details might be blank
Last Modified: 2023-05-22 06:17:53 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Threat Intelligence Exchange file and certificate details might be blank
Technical Articles ID:
KB86312
Last Modified: 2023-05-22 06:17:53 Etc/GMT Environment
Threat Intelligence Exchange Server (TIE Server) - all supported versions For details of TIE Server-supported environments, see KB83368 - Supported platforms for Threat Intelligence Exchange Server. Problem
Sometimes, the TIE file and certificate details might be blank.
CauseThe TIE Reputations page shows the list of files and certificates that the VirusScan Enterprise (VSE) on-access scan technology sees. But, it only shows the files that need reputation after signatures are applied.
When you double-click on any of the files or certificates, you drill down into further metadata. This data includes details, such as file size, or additional information, such as whether it's a hidden file. To operationally respond in time, the TIE solution splits the reputation query from the metadata submission between the TIE Module for VSE and the TIE Server. The missing details don't affect the protection level. This method also allows files and certificates to obtain object reputation from external providers, and their actual metadata from the endpoints in the managed environment. There are several use cases where the details might be blank:
Solution
It's expected behavior that some of the files and certificates don't have details until they're seen in the managed environment.
Affected ProductsLanguages:This article is available in the following languages: |
|