Message 1 of 2

False Positive from McAfee-GW-Edition

According to VirusTotal, BehavesLike.Dropper.dc was flagged.
Could you please whitelist this file? Thank you!...

https://www.virustotal.com/gui/file/d980b93b1de93bb1bf294a0e0a9d28fa05c473a1f670e5cabdd5b28add352495...

Accepted Solutions
McAfee Employee
Message 2 of 2

Re: False Positive from McAfee-GW-Edition

Hello,

the file is clean through my default MWG policy.

We need to check this from different perspectives (policy, settings, sample file).

Therefore, please create a Service Request and attach the following:

To troubleshoot a potential false positive, we need the following debug data:
- feedback file (to double-check your configuration and policy and to perform tests with it)
- rule trace (to double-check which rules and settings were applied for this specific request/response)
- password-protected sample as described in “Virus To File.pdf” in KB62662
- download URL and/or blocked URL
- screenshot of error message in browser

Further information here:
https://kc.mcafee.com/corporate/index?page=content&id=KB62662

Once I have received this information, I can try to reproduce the issue with the given sample/URL and check whether your policy is configured as recommended. In case it is a false positive which can be reproduced and is not caused by a misconfiguration in policy, I can use the provided information and contact our Labs team for further analysis.

FEEDBACK FILE
1) Navigate to "Troubleshooting" > select the MWG you are testing on > "Feedback"
2) Keep the option "Pause running McAfee Web Gateway to create a backtrace (recommended)" enabled (this will NOT stop any service!)
3) Click the "Create Feedback File" button. This way we get your policy, configuration and debug information.
Via CLI:
# /opt/mwg/bin/feedback.sh -l 2

RULE TRACE
1) Navigate to "Troubleshooting" > "Rule tracing central"
2) Select the MWG which currently processes your traffic and enter the client IP you are testing with
3) Press the "Go" button, reproduce the issue and stop the rule trace afterwards
4) Click on "Export" > "Export visible traces..."

Debug Data can be uploaded to the SR using the portal or the following URL:
https://support.mcafee.com/webcenter/portal/supportportal/pages_upload

Regards,
Marcel Kutrieba
Technical Support Engineer
