Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

How do I delete a Reputation Digital Vaccine (RepFeed) entry?

    • Updated:
    • 29 Aug 2017
    • Product/Version:
    • TippingPoint SMS All
    • TippingPoint Virtual SMS
    • Platform:
Summary

Reputation Feed (formerly known as RepDV) is now part of the Threat Digital Vaccine (ThreatDV) product, which is a subscription service that includes both the reputation database and the new Malware Filter Package.

The Reputation Feed identifies and delivers suspect IPv4, IPv6 and Domain Name System (DNS) security intelligence feeds from a multi-vendor, global reputation database so that customers can actively enforce and manage reputation security policies using the TippingPoint Next Generation Intrusion Prevention System (NGIPS) Platform. The addresses are tagged with reputation, geographic, and other identifiers for ready and easy security policy creation and management. The Reputation Feed provides the addresses and tags multiple times a day (two hours on average) in the same manner as standard Digital Vaccines.

Reputation Database entries provided by the ThreatDV service are read only and as such cannot be modified or deleted, only User Provided Entries can be modified. If you find that an IP address or DNS entry is being reported as malicious and you know that this information is incorrect, you can submit a correction by contacting the Trend Micro Technical Assistance Center (TAC).

Details
Public

Workaround:  While you are not able to delete or modify a ThreatDV service entry, you can create a "whitelist" or user provided entries that will in effect cancel out the entry that has been reported as malicious.  User Provided Entries take precedence over RepFeed entries. In order to create a "whitelist" you will have to perform the following steps;

  1. Create a Tag Category - Tag categories define the types of tags that may be used to tag reputation database entries. This kind of metadata helps describe an item and allows it to be found again by performing a search.
  2. Create a User Provided Entry - User provided entries contain the IP address or DNS domain name of the offending system.
  3. Create a Reputation Filter - A Reputation Filter associates an action set with one or more of entries in the Reputation Database.

Procedure:

a) Create a Tag Category
  1. Log in to the SMS from a client and on the top Navigation menu click Profiles.
  2. On the left Navigation menu select Reputation Database. The Reputation Database screen displays.
  3. On the Reputation Database screen select the Tag Categories tab.
  4. On the Tag Categories tab click Add. The Create Tag Category screen displays.
  5. In the General section enter the flowing information;
    • Name: Enter a name for the category. (e.g. whitelist)
    • Type: Select Yes/No from the drop-down menu.
    • Description: Enter a description for the category.
  6. On the Create Tag Category screen, click OK to close and return to the Tag Categories tab.
b) Create User Provided Entry
  1. On the left navigation menu select User Provided Entries. The User Provided Entries screen displays.
  2. In the User Provided Entries screen, click Add. The Create Reputation Entry screen displays.
  3. Select IP Address or DNS Domain depending on the entry you wish to whitelist.
  4. In the Tag area, select the Tag Category created in the previous procedure (e.g. whitelist) and select Yes from the options provided.
  5. Click OK when finished.
c) Create a Reputation Filter
  1. On the left navigation menu select the "Profile" that you wish to modify.
  2. On the "Profile" select User Defined Filters>Reputation / Geo. The Reputation Settings screen displays.
  3. In the Reputation Filters section, select New Reputation. The Create Reputation Filter screen displays.
  4. In the General Settings area under Filter Info enter a Name for the filter.
  5. In the Action area under Action Set select Permit+Notify from the drop-down menu.
  6. Select the Entry Selection Criteria tab, and in the Tag area:
    • Select the Tag Category previously created (e.g. whitelist).
    • Un-check the Reputation DV Score tag.
  7. Distribute the profile by selecting Distribute.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000088149
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.