When a user requests the download of a file from the web, a lookup is performed to retrieve information that rates the file for its reputation.
The information is retrieved from the McAfee Global Threat Intelligence service. The servers of this service act as feedback servers, and relevant data is sent to them.
This data is sent each time a reputation lookup is performed for a file.
Data collected for file rating
The following types of data are collected for file rating.
- Name and version of the Skyhigh Security product involved in the scanning
- Name of the product component that scanned the file
- Version of the drivers that rated a file as suspicious
- Version of the DAT file used for the scanning
- File hash
This hash uniquely identifies a file if it exists in a Skyhigh Security database.
This bit sequence indicates traits in a file structure that are common in malware.
- Environmental information
This bit sequence indicates environment cues commonly associated with malware. The information is based on and restricted to data that the operating system stores about a file. It does not include the file name or content stored in the file.
Disable data collection for file rating
You can disable the collection of data about file rating by disabling in-the-cloud lookups on the user interface of Secure Web Gateway.
- Select Policy > Settings.
- Under Engines > Anti-Malware, select the Anti-Malware settings for which you want to disable in-the-cloud lookups.
- Under Advanced Settings, deselect Enable GTI file reputation queries.
- Click Save Changes.