You can validate it through McAfee OAS logs. for exclusion please find below details :
You can validate it from ePO policies : VirusScan Enterprise > On-Access General Policies > Default Policy > ScriptScan Exclusions.
Or you can validate it through locally on machine : HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SystemCore\VSCore\Script Scanner (VSE 8.8 version)
You should call McAfee suport and they will provide you how to enables ScriptScan debug login.
Please check the Note on the KB70013:
NOTE: Debug logging instructions are provided by McAfee Technical Support
After enabling debug login you will see the log like this:
and it will create the files .tmp
I hope this help.
you can also install something called McAfee TAT which should show you which websites are triggering alerts...or at least the IP address.
If you Google for Threat Alert Trace (I think) there is a guide on installing this....but how would it work with a proxy is a bit confusing.
I dont have it running in my environment, but I think this will log which sites are doing it.....I would test push it out to 2 or 3 machines and then retrieve the
DNS logs from machines triggering to see if you can decipher which webpages triggered this.....then do a proof-of-concept to see what Threat Alert Tracer reports on your machines.
This is available on this site as a Beta...i think. Hit me up if you have trouble finding it...i am too