How Adaptive Threat Protection works

Rules determine which actions to take based on multiple data points, such as reputation, local intelligence, and contextual information.

Adaptive Threat Protection functions differently, depending on whether it is communicating with TIE:

  • If the TIE server is present, Adaptive Threat Protection uses the Data Exchange Layer framework to share file and threat information instantly across the whole enterprise. You can see the specific system where a threat was first detected and where it went from there, and stop it immediately.

    Adaptive Threat Protection with TIE server enables you to control file reputation at a local level, in your environment. You decide which files can run and which are blocked, and the Data Exchange Layer shares the information immediately throughout your environment.

  • If the TIE server isn't present and the system is connected to the Internet, Adaptive Threat Protection uses McAfee GTI for reputation decisions.
  • If the TIE server isn't present and the system isn't connected to the Internet, Adaptive Threat Protection determines the file reputation using the JTI content (Threat Intelligence Exchange module content) for signed applications.

If the TIE server and Data Exchange Layer are present, Adaptive Threat Protection and the server communicate file reputation information. The Data Exchange Layer framework immediately passes that information to managed endpoints. It also shares information with other McAfee products that access the Data Exchange Layer, such as McAfee® Enterprise Security Manager (McAfee ESM) and McAfee® Network Security Platform.