Check: TIDX-SV-000003
Trellix TIE/DXL STIG: TIDX-SV-000003 (in versions v3 r1 through v2 r3)
Title
The Trellix Threat Intelligence Exchange (TIE) Server Management Product Improvement Program must be disabled from collecting and sending anonymous data about certificates and file hashes to Trellix. (Cat II impact)
Discussion
The Product Improvement Program allows Trellix to collect anonymous data about certificates and file hashes. This data helps Trellix learn about threats and prioritize what is allowed or blocked.
Check Content
This check must be completed for the active Trellix TIE Server Management policy that manages the site Trellix TIE. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix TIE Server Management from Products. Under "Actions", select Edit for the policy that manages the site Trellix TIE. Select the "General" tab. Under "Product Improvement Program", verify the check box for "Enabled" is not selected. If the check box for "Enabled" is selected, this is a finding.
Fix Text
From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix TIE Server Management from Products. Under "Actions", select Edit for the policy that manages the site Trellix TIE. Select the "General" tab. Under "Product Improvement Program", remove the check from the check box for "Enabled". Click Save.
Additional Identifiers
Rule ID: SV-221999r961596_rule
Vulnerability ID: V-221999
Group Title: SRG-APP-000427
CCIs
Number | Definition |
---|---|
CCI-002470 | Only allow the use of organization-defined certificate authorities for verification of the establishment of protected sessions. |
Controls
Number | Title |
---|---|
SC-23(5) | Allowed Certificate Authorities |