I'm having the same issue. Logged into ePO this morning and noticed over 1200+ pieces of "Malware" generated as "Suspicious Attachment!script"
Any thoughts on this? I'd hate to roll back the DAT file.
Thanks in advance.
Just updated the V3 DAT to 2892, seems like the issue is still occurring with this DAT Version as well.
I had noted two occurrences of this event yesterday, and had noted that one that I managed to get a hold of seemed legitimate. Hadn't had a chance to investigate further yet.
I've just had an email forwarded from my SAM with this:
We've had two escalations today for a false PUP detection of Suspicious Attachment!xxxx. Note that this is only being seen in ENS.
Due to the type of detection driver, this is not something that can be resolved via an extra.dat.
Should you have a customer report this false, the interim solution is for the customer to add the following as PUP exclusions in ENS:
The false should be corrected with tomorrow's DATs. After updating, the customer will want to remove the added exclusions.
I've added these four into my ENS Threat Protection --> Options policy for today, and will test Monday after the new AMCore version comes out.
Thanks, johnmoe, for the workaround. I opened a case with McAfee and they told me to exclude Outlook.exe, which I didn't want to do, and the last resort was to revert the DAT.
Had over 3,000+ hits of Suspicious Attachment!script from ENS
Latest from McAfee 08:45 GMT: "The issue will be dealt with in an AMCore release later today." Although I have the exclusions in that McAfee have recommended (same as johnmoe), I'm retaining the policy of not updating until I've tested this one fully... and I certainly don't recommend excluding Outlook.exe (Alka).
I understood to roll back the DAT. But I don't accept an exclusion for Outlook.exe. Example: outlook.exe is a high process in the McAfee default policy. A lot of threats come to the outlook.exe process.
I'm seeing hundreds of Suspicious Attachment!script detections on AMCORE DAT 2892 from users with the Salesforce Outlook plugin.