We detected same issue a month ago.
Investigation shows that the problem at the browser side (browser send authorization request after successfull authorization).
For business critical sites i open access without authorization (look at page 131 of MWG system configuration administration guide).
But i think that the McAfee can add some additional measures to help resolve this issue (- do not check authorization if user already authorized).
In Web Gateway 6.8.7 you can use the ICAP tracing feature located in Configuration > Debugging > Tracing
We recommend using 'Trace connection only for source IP' and enter your client IP only to minize the amount of files created.
When you have your client browser ready for testing then you can check 'Connection tracing' and apply the changes.
When your done testing make sure to uncheck connection tracing and apply the changes.
On that very same page there's a link to open the list of traced connections created whilst testing and you will see many files.
If you take a look at the screen shot I highlighted the two files of interest which contain the letters 'is' as part of the file name.
When you open these files you will see something like the image below. The first dot shows my client machine make a CONNECT request to community.mcafee.com, then the ICAP server figures out I am not authenticated and replies with an HTTP 407 - Proxy Authentication Required.
You can use this example if you choose to further troubleshoot on your own. This can be applied to filtering issues as well and thus not limited to authentication. However, If its becoming too much of an issue I would call technical support and have them aid with this issue.