Anyone else having issues where the "Gateway Anti-Malware" throws an error on almost every download? This includes Firefox download, Safari download, Tax software downloads, etc... These are trusted downloads.
If I turn off "Gateway Anti-Malware" and select McAfee Anti-Malware, the problems disappear.
Anyone else have this list in version 126.96.36.199?? It seems like this list is being used even though it is not checked anywhere in my rule set.
Any of these downloaded media types throw a Malware error. Which is basically ALL .exe files because this list includes application/executables. When the error comes up there is no Virus Name.
This is downloading Firefox from Mozilla.com
Message was edited by: jont717 on 1/18/11 10:15:25 AM CST
I had a similar issue of getting too many false positives with the AntiMalware. My problem came in the misinterpretation of the Mobile Code Behavior settings. I had the bar slid all the way to the left, thinking that was the lowest setting, when in fact this will lead to many false positives. I noticed in one of your screenshots, the slider was all the way to the left. Try putting it in the middle or 3/4 of the way to the right. Per McAfee:
I just downloaded the same file without an issue. Gotta be a misplaced setting somewhere, but it's hard to say without knowing your configuration.
Thanks for your help. Any way you can take a screenshot of your Gateway Antimalware settings?
Do you have heuristic scanning disabled? I am running 188.8.131.52 (9319)
The MSI installation files are often blocked by Mobile Code Scanning. In your case the responsible setting should be Potentially Unwanted: Suspicious activity.
We are already looking into this issue (especially with the mysql installer packages). We try to find out if it's a False Positive by the antivirus engine or if it has something to do with the Archive Handler (which extracts the files from the installer package and feeds them to the AV engine).
Sorry, turned out it wasn't all that easy. When testing with the mysql download I was only able to download the file when I disabled Mobile Code Scanning altogether. Everything else leads to a block message with a "Heuristic.BehavesLike.Exploit.CodeExec.EOO" detection message.
This seems to come from the AV engine itself and is not related to the Archive Handler. The blocked file inside the package is libmysql.obj, which will be blocked even if it's downloaded on its own.
The download is not blocked in MWG 6.x, as the archive handler there cannot look into .a/.lib files.
I've submitted the file to the Virus Research team, so that they can look into this.
Message was edited by: Dirk Straube on 1/19/11 10:12:24 AM CST