
MWG file detection

Hi,

I have MWG version 7.6.2.

I imported a rule that blocks download of executable files.

However, some files are blocked as configured, but other .exe files are downloaded.

Does someone have an idea?

Thanks,

Eden

4 Replies
Reliable Contributor jacek
Message 2 of 5

Re: MWG file detection

It could be connected with SSL Scanner - do you scan SSL traffic?

How are executable files blocked? Please give examples of blocked and not blocked URLs.

Re: MWG file detection

Hello,

Link that is being blocked: http://150.co.il/TeamViewerQS.exe

Link that is being blocked: https://download.teamviewer.com/download/TeamViewer_Setup.exe

Thanks,

Eden

McAfee Employee mkutrieba
Message 4 of 5

Re: MWG file detection

Hi,

I tested both links in my lab but was unable to reproduce a block; it doesn't matter whether GTI lookups are enabled or not.

As Stefan has written, open an SR so that Support can look at this.

Therefore, please open a normal SR and follow this KB:

McAfee Corporate KB - How to submit Web Gateway virus and anti-malware samples (false positives or f...

Important information would be a feedback file (there we have the MWG, engine and DAT version and can test your configuration), a screenshot of the block message, the error message from the foundvirus log, a rule trace (so that we can see where the request is running through) and the password-protected sample.

Regards,

Marcel

McAfee Employee sbluemel
Message 5 of 5

Re: MWG file detection

Hello Eden,

Please use the Rule Engine tracing to troubleshoot whether the block rule was also executed and is not bypassed due to any other rule:

Verify that the SSL Scanner is executed for HTTPS connections ( )

If you need help analyzing this behaviour, file a support request and upload the data into this Service Request. Please do NOT post this confidential data here.

Regards,

Stefan
