Reputation values received from sources

Here are the reputation values provided by the TIE and McAfee GTI servers.

From TIE server

For an executable file or certificate, the TIE server provides scores from various providers, such as ATD, McAfee GTI, and ETL that Application Control uses to compute reputation. Here are the provided values.

  • Known trusted
  • Most likely trusted
  • Might be trusted
  • Unknown
  • Might be malicious
  • Most likely malicious
  • Known malicious
  • Not set

From McAfee GTI

For each executable file, McAfee GTI provides the reputation and classification values.

  • File Hash Reputation — Indicates if the file is trusted or malicious. Based on information fetched from McAfee GTI, the application and files are sorted into categories on the Application Control pages.
  • File Hash Classification — Indicates the reliability or credibility of the file. The assigned value indicates if the file is trusted, unknown, or malicious.

For each certificate, McAfee GTI provides a score that indicates its reputation.

McAfee GTI classification for files McAfee GTI score for certificates Description
known_clean 99 Known trusted
analysed_clean, assumed_clean 85 Most likely trusted
raiden_analyzed_clean, noise_clean 70 Might be trusted
unknown 50 Unknown
assumed_dirty, assumed_dirty2 30 Might be malicious
assumed_dirty3, assumed_dirty4 15 Most likely malicious
pup, trojan, virus, app 1 Known malicious
Not available 0 Not set