cancel
Showing results for 
Search instead for 
Did you mean: 

McAfeeGW: Heuristic.BehavesLike.Exploit.X97.Codeexec.O

A user of an web application, that export some data into excel, report us this message.

What is it ?

what doses it mean?

What to do with this?

Thanks in advance

3 Replies
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: McAfeeGW: Heuristic.BehavesLike.Exploit.X97.Codeexec.O

Moved provisionally from home products to Business > Web Gateway for better attention.  Someone will answer you soon hopefully.

Highlighted

Re: McAfeeGW: Heuristic.BehavesLike.Exploit.X97.Codeexec.O

Hello,

that is probably the virus name from the block message the user received when using the web application. The website was scanned by the McAfee Web Gateway and the Antimalware engine classified the application as malicious based on a heuristic detection.

This doesn't mean that there must be a virus in the web application, but web applications that export data into your a desktop program is normally something that you don't want to allow generally. It's a potential security thread and the ProActive part of the engine blocked the web site.

If the web application is an internal script and trusted it could be scanned without the heuristic detection or completely whitelisted. This has to be done in the Web Gateway configuration.

Regards,

Dirk

Re: McAfeeGW: Heuristic.BehavesLike.Exploit.X97.Codeexec.O

Hi raymond.leruitte

in order to verify if this webpage/file ist misconfigured you may want to submit a sample to our Antimalware Team. We have a KB for that

Web Gateway: How to submit virus and anti-malware samples (false positives or false negatives) for analysis 

https://kc.mcafee.com/corporate/index?page=content&id=KB62662

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.