The Trellix Application Control Options Reputation setting must be configured to use the Trellix Global Threat Intelligence (Trellix GTI) option.

An XCCDF Rule

Description

<VulnDiscussion>If a Threat Intelligence Exchange (TIE) server is being used in the organization, reputation for files and certificates is fetched from the TIE server. The reputation values control execution at endpoints and are displayed on the Application Control pages on the Trellix ePO console. If the GTI is being used, reputation for files and certificates is fetched from the Trellix GTI. For both methods, the administrator can review the reputation values and make informed decisions for inventory items in the enterprise.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-213330r944837_rule
Severity: Medium
References: CCI-001240
Updated: 8 months ago

From the ePO server console System Tree, select the "Systems" tab.

Select "This Group and All Subgroups".
Select the asset.
Select "Actions".
Select "Agent".Select "Modify Policies on a Single System".

From the product pull-down list, select Solidcore 8.x: Application Control.

From the "Policy" column, select the policy associated with the Category "Application Control Options (Windows)" that is specific for the asset being reviewed.

Select the "Reputation" tab.

Place a check in the "Use Trellix Global Threat Intelligence (Trellix GTI)" option.

Click "Save".

The Trellix Application Control Options Reputation setting must be configured to use the Trellix Global Threat Intelligence (Trellix GTI) option.

Description

Remediation - Manual Procedure