
Intelligence Application Bypass

msanclimenti
Beginner

My customer is receiving alerts for the PkgCatalog.z file. The customer is telling me it is a McAfee file. I cannot create a Clean List for this file since the hash is always changing. I am attempting to use IAB so I can trust the file and eliminate the file alerts. I have configured IAB with the only two Available Application choices, McAfee and McAfee AutoUpdate. I have the flow options low so the file can trigger at least one of the options for the FMC to evaluate the file and trust the file. So far, this has not worked.

I would like to know if anyone has used IAB with McAfee? If I am going in the wrong direction, any suggestions would be greatly appreciated. Thanks.

1 Reply

hassan.mehsen
Beginner

IAB is not used for such scenarios. Usually, IAB identifies applications that you trust to traverse your network without further inspection if performance and flow thresholds are exceeded. For example, if a nightly backup significantly impacts system performance, you can configure thresholds that, if exceeded, trust traffic generated by your backup application.

 

What I recommend you do is trust McAfee as an application by using an application filter with an access policy.

 

 
