0 Replies Latest reply on Apr 28, 2010 9:24 AM by protector

    HIPS generating False positives on .CHM file types

    protector

      This issue began last week.  Seems like right after the new content 3159 was released.  I have users that use Outlook via web and other users that authenticate via a secure site to allow access to their CAC cards via web.  When these users try to access Outlook or try to access their CAC cards the following two signatures are triggering, 1) 2762 (Outlook Envelope - Compiled Help File Execution ) for Outlook access and 2) 2662 (IE Envelope - Compiled Help File Execution) when trying to authenticate for CAC card access.

       

      These seem to be false positives and I have created exceptions for them.  However, I would like to know if anyone has seen this issue? These sigs are triggering on the .CHM help files only. 

       

           In addition, I would like to know if anyone else has worked with Mcafee in regards to false positives and what they were told to do with them?  McAfee does have an email address where we can send the detailed activity of the event but it just goes into a lost bucket.

       

      Thanks for any information.