Global Threat Intelligence File Reputation - best practices for minimizing network traffic

Technical Articles ID: KB74581
Last Modified: 1/19/2021

Environment

McAfee Global Threat Intelligence (GTI) File Reputation
Multiple McAfee products

Summary

Carefully consider the factors listed in this article when configuring your GTI File Reputation enabled endpoint to minimize network traffic.

Any process that performs extensive file reads, file writes, or both, can potentially generate increased levels of GTI File Reputation lookups.

The following are applications/situations that can potentially increase the number of GTI File Reputation lookups and increase network traffic generated as a consequence:

In-house developed software
Inventory agents
Users with administrative permissions able to install non-corporate approved software
Backup agents
Software rollouts

The following solutions help minimize the impact of these factors.

Solution 1

Inventory agents and backup agents

Identify the processes that are generating the high number of reads or writes.
Configure the processes as Low-Risk Processes and prevent scanning on reads or writes. For details about how to configure Low-Risk Processes with VSE, see KB55139.

If you want help to identify processes generating high number of reads or writes, contact Technical Support.

To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.
- If you are a registered user, type your User ID and Password, and then click Log In.
- If you are not a registered user, click Register and complete the fields to have your password and instructions emailed to you.

Solution 2

Software rollouts and software developed in-house
Use out-of-hours deployment for software rollouts and software developed in-house that generate a higher number of GTI File Reputation lookups. This approach helps reduce the impact of the increases on lookups.

Solution 3

Users with administrator permissions

When users have administrator permissions to install non-corporate approved software, this situation often generates more network traffic. The reason is the additional GTI Reputation lookup requests that these processes generate.

Remove administrative permissions from user accounts with the rights to install any non-approved applications. This approach avoids this increase in network traffic.

NOTE: Users with administrative permissions introduce a high level of risk to any corporate environment. Where possible, assign users to accounts with restricted administrative permissions.

Related Information

Affected Products

Best Practices
Host Intrusion Prevention 8.0 (EOL)
Network Security Sensor Appliance 9.2.x
Network Security Sensor Appliance 9.1.x
Network Security Sensor Appliance 10.x
SiteAdvisor Enterprise 3.5 (EOL)
VirusScan Enterprise 8.8 (EOL)

Languages:

This article is available in the following languages:

English United States
Japanese

Knowledge Center

Global Threat Intelligence File Reputation - best practices for minimizing network traffic

Environment

Summary

Solution 1

Solution 2

Solution 3

Related Information

Affected Products

Languages:

Title

Title

Knowledge Center

Global Threat Intelligence File Reputation - best practices for minimizing network traffic

Environment

Summary

Solution 1

Solution 2

Solution 3

Related Information

Affected Products

Languages:

Choose your region

Title

Title