Extract one of the suspected files and upload it ti http://www.virustotal.com
Your file will be checked against more than 40 different malware scanning products.
If only McAfee detects a threat it is possibly a false-psoitive which you then have to send to McAfee Labs:
Does McAfee have details on how to restore suspect files from the quarentine? I'm sure you have disable the VSE before hand as well?
I would recommend the following:
1) Copy the corresponding BUP files from the clients quarantine directory to an usb stick
2) Copy them to the quarantine folder on a single, not corporate network connected PC with internet access
3) Stop the On-Access Scanner on this client
4) Restore the files via VSEs Quarantine Manager
Also a VMWare could be used. And be careful when dealing with "infected" files.
If you do not want to do it this way send the BUP file directly to McAfee and tell them it is a false-positive suspect.
Then they will analyse the file and give you feedback.
Tom- thanks for the reply. When restoring the BUP files with the quarentine manager, where are they restored to file path wise?
They are restored to the original path from where they were quarantined.
You can check the path before restoring by viewing the properties of the quarantined item in VSE Quarantine Manager.
One last question, for VSE 8.7, what is the default location for mcafee's quarentine folder?
c:\quarantine (configured in the VSE QUarantine Manager settings)