
Increased Heuristic False Positives MWG 7.5.0


Since upgrading to McAfee Web Gateway 7.5.0 (running locally on a VM) I've seen the number of anti-malware false positives increase by almost 400%.  This includes common things such as display drivers from Intel.  The most common detection is for Heuristic.BehavesLike.Win32.Suspicious.H!70.  Running these links through never shows any detections.  The files (once they've been excluded from scanning and downloaded) are then scanned by McAfee VirusScan which doesn't trigger any detections.  For example:

I've noticed a few discussions about odd behavior of the anti-malware engine on the MWG recently and I'm wondering if there's a trend and this is something we should be aware of...and of course what the recommended remediation for the issue would be from McAfee's perspective.

Anybody have any thoughts on this?  If you've found this discussion because you're having similar issues, please chime in as well. 



McAfee Employee

Re: Increased Heuristic False Positives MWG 7.5.0

Hi Trevor,

Some of the threads which are active right now are all about the same issue, but it seems your case is a little different.

It is possible that with 7.5.0 a newer version of the Antivirus/Antimalware engines was released and pushed to your MWG, which could explain why you see a different behaviour. While we could use this thread to collect the observations of other customers (e.g. did you notice a similar behavior?), I recommend filing a Service Request with Support and providing them with a handful of sample files and a feedback of your MWG installation. They will be able to replicate the issue and see if this is really a problem with the newer version or maybe independent. Also, they are able to escalate the false detections if required.

Note: Please state exactly that you saw the number of false positives increase after the upgrade of MWG. If you simply state "false positives" you might be sent to labs directly, which is not the group you need to talk to.

For other customers, could you please summarize how you detected the "400%" increase? Maybe by looking at some dashboard graphs (which ones exactly?)? This would make it easier for other people to quickly look at their installation and see if they have a similar problem or not.



Re: Increased Heuristic False Positives MWG 7.5.0

Hello Andre,

Thanks for the response.  For the other customers investigating a possible similar issue, I used a couple resources to get the "400%" increase statistic.  Turns out it's actually a much higher increase.  I based my statistic off the e-mail alerts I have being generated when Malware is reported.  I used to get 1-2 of these a day.  Immediately after upgrading to 7.5.0 I started getting 8-10+ alerts per day.

The Web Gateway also has a built-in dashboard that illustrates this perfectly. Go to Dashboard -> Charts and Tables -> Executive Summary

From there, if you turn off all other indicators and just leave on the "Blocked by Anti-Malware" indicator, you might see a large jump following the upgrade. Here's what mine looks like after the upgrade I performed late evening on the 26th:


Notice the drastic increase...It never went above 25 in a day and after the upgrade it peaked over 175.  We have very little traffic over the weekend which explains the 2-day decline after the increase.

These detections are all Heuristic detections, but no changes were made to the system aside from the upgrade itself.




Re: Increased Heuristic False Positives MWG 7.5.0

Hi Trevor --

Can you tell me what your Mobile Code Behavior threshold is set to? I've copied mine below for reference:

