13 Replies Latest reply on Nov 26, 2014 12:36 PM by uncle_scrooge

    Strange behaviour of anti-malware engine (heuristic)

    uncle_scrooge

      Hi.

       

      What we have:

      Two gateways as virtual machines.

      One gateway as appliance (4000) at a remote location.

      Rules and lists are identical on all three machines. MWG versions are identical, too.

       

      For a couple of days now, nearly all downloads from our site have been blocked. For example:

      [23/Oct/2014:15:19:03 +0200] "USERNAME" "IP_address" "McAfeeGW: Heuristic.BehavesLike.Win32.Suspicious-DTR.K" "http://www.triumph-adler.de/C125712200447418/vwLookupDownloads/KxDriver_cCD_cLP_ 20141017.zip/$FILE/KxDriver_cCD_cLP_20141017.zip"

       

      OK, annoying enough, as the files are clean.

      But the strange thing is, this happens only on the virtual machines. No problem on the appliance.

       

      Has anyone seen something similar? And has an explanation? This drives me crazy.

       

      Thanks.

       

      Peter
