As you mention, the index keeps records of visited URLS etc. Perhaps somehow some entry triggers VirusScan. Would it make a difference when you remove thoose index files from one testpc and have it a go? I know it's not a real solution, but maybe it can help.
You can also send a sample to mcafee to have it tested for false positives.
Go to Access Protection -> Common Standard Protection -> Prevent common programs from running file from the temp folder.
If this is checked, it is possible that AV is not allowing script to run, as from logs this script runs from temp folder.
please confirm if this is happening.
This situation is very weird. I can't think of why wscript would be wanting to access the index.dat file.
I would find an affected pc, then run Sysinternals ProcessMonitor on it http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Create a filter with the process name of wscript
Then see what wscript is up to.
To submit flase positives, follow KnowledgeBase article KB66642 - How to submit files to McAfee Labs to be considered for false positive testing
I checked the affected user's System Event Log files, and it would appear that the alerts began right our system admin's deployed approximately ten Windows Updates, one of which is the MS Mailicious Removal tool. That specific update is my main suspect. However, I was unable to duplicate the problem on my own system when installing all of the same updates. I've asked our admin's to remove the Malicious Removal Tool from further updates, and have narrowed the number of affected systems to 35 users. So, I'm continuing to collect as much information as I can. Thanks for all the feedback!