dcaffrey
Level 10

MWG7 Heuristics False Positive

Hi,

I'm getting a malware detected - MGW: Heuristic.BehavesLike.JS.BufferOverflow.C - on this page http://www.goldenpages.ie/search/charter.html

This is a phone directory site and would be widely used.

Is there a way to modify the level of Heuristic scanning or is it just On/Off?

What is the best way to deal with this type of issue?

Thanks,

Dec

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: MWG7 Heuristics False Positive

Hello!

As far as a false positive, check out:

https://kc.mcafee.com/corporate/index?page=content&id=kb62662

This outlines how to submit false positives. As far as modifying the level of heuristic scanning, you can do it in the engine settings for antimalware, under Policy > Settings > Engines > Antimalware.

There are also a million other settings that can be adjusted as per your needs in the engine as well.

~Jon

0 Kudos
4 Replies
scottl
Level 7

Re: MWG7 Heuristics False Positive

I have the same issue with the heuristics, although MWG caught "here you have" on day zero with an Artemis query. The "behaves like" detections seem way too false positive-ish to be valid for deployment. The settings we currently have are at

Mobile Code Behaviour = 90

PUP probability = 80

which should be leaning heavily towards fewer false positives. If there are other places to adjust the settings, please let me know.

0 Kudos
dcaffrey
Level 10

Re: MWG7 Heuristics False Positive

Hi Jon,

Thanks for the link. I sent a sample for analysis and it has been confirmed as a false positive; a fix will be included in future updates.

Dec

0 Kudos
btlyric
Level 12

Re: MWG7 Heuristics False Positive

Jon,

Is there an option to submit a link to a file that triggers a false positive?

For example, http://downloads.sourceforge.net/project/pidgin/Pidgin/2.10.6/pidgin-2.10.6.exe?r=&ts=1351316421&use... triggers McAfeeGW: Heuristic.BehavesLike.Win32.Suspicious-PKR.O

I don't mind putting in some effort to help vendors address issues with their products, but if I have to jump through multiple hoops to do so, it reduces the likelihood that that'll actually happen.

Rgds.

0 Kudos