1 2 Previous Next 10 Replies Latest reply: Jul 12, 2013 9:59 AM by ash_s RSS

    Heuristics  ... on  a Monday   (seriously, does anyone actually live with these things?)


      Dear McAfee Web Gateway,


      For the 20th time,  https://ssl.gstatic.com/analytics/20130611/web/analytics.js  probably isn't freakin' malware.     You think it's  "MGW: Heuristic.BehavesLike.JS.BufferOverflow.O" again, but I strongly suspect it's not.   No more than it was the other 19 times I've reported it going back to November of 2012.


      See, here's the problem:    The people that monitor google analytics for our enterprise's web properties get really cheesed every time Heuristics re-detects analytics.js   (because it does frequently change apparently).  When they login to the analystics site, blocking that file breaks the entire site.   And those nearly useless checksum based whitelist entries the Virus_research_gateway@avertlabs.com  team puts in every time I repeatedly report the false positive.... cease to be effective when that file changes.   You're wasting a lot of people's time.   I've had to whitelist that thing in policy now.  I hope you're happy. 


      So,  McAFee Web Gateway, if we're going to continue to be friends,  could you figure out a way  to deal with AV heuristics in a more sustainable fashion than whitelisting specific files by checksum?    Because I'm this close to turning heuristics off, much as support urges me not to and assures me that Heuristics are what makes you so special, and I've seen one, at most two things it actually caught that were a threat in the year I've been running them.   See also the enhancement request that's been logged for you for several months on this issue.  




        1 2 Previous Next