
Heuristic feature gives false positives with VSE 7.1.0


cheshireDan

Technical User
Jan 7, 2003
15
GB
We are using VSE on the desktop. At the end of last year we upgraded from 7.0.0 to 7.1.0 since when we have had numerous instances of false positives resulting from the heuristic scanning feature.
We have always had this feature enabled but we are now considering switching it off because of the irritation caused to users by these false positives.
I am not aware of the heuristic scanning ever discovering a REAL new virus!
Are other people experiencing similar issues? Would I be losing much by switching heuristics off?
 
Not sure what you'd be losing, but have you tried any of the patches available for VS7.1? I think there are something like 18 patches for it.

On a side note, I've never seen heuristics catch anything.
 
We have not applied any patches but I have reviewed the Info for each patch on the McAfee web-site and none of them make any mention of any issue with heuristics.
 
Sorry eh... we use 8.0i with heuristics enabled along with a lot of other stuff...

Wish I could help more...
 
I used to use heuristics, but it got me a lot of false detections as well. We decided to turn that feature off as it got really annoying.

Also, when we did have heuristics turned on (at least when we used to use VirusScan 4.5.1), the performance of the PC was degraded.

Of course, if McAfee ever indicated a virus needed heuristics enabled to detect a new virus not presently detected by the current DAT files, but would be detected as a variant using heuristics, only then would I turn it on for that moment until full official detection was available.
 
Do the false positives come from the On-Access (or On-Demand) scanners, or the On-Delivery Email scanner?

We have been using VSE 7.1 with both program and macro heuristics switched on for just over a year now. In that time we have had no false positives from the On-Access or On-Demand scanners (except when McAfee have released a DAT with a false positive definition, which is a different matter).

We have email virus scanning in place at the server and internet gateway layer (and we lock down the configuration of the email client), so we avoid the performance hit on our PCs by not using the On-Delivery Email Scanner. We just have one PC which does use it, because we use it to check emails which have been quarantined for various reasons at our internet mail gateway.

This does sometimes give false alarms, but only when the On-Delivery Email Scanner detects clean attachments which apparently have multiple file extensions. This is nearly always when an attached file has a date in the name, e.g. "Report13.02.2005.doc".

This is because the On-Delivery Email Scanner has an extra heuristics option specifically relating to multiple file extensions. I have always left it switched on for this PC as it is in a controlled environment in my team and I'd rather deal with a few false alarms than run the risk of letting something dodgy slip through the net.
 
SPV is quite right, the problem was being caused by multiple file extensions. I finally realised this about a week ago, at which point I switched off Multiple File Extensions and turned Heuristic checking back on again. Since then we have not had any items quarantined. RESULT !!!
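The false alarm discussed in this thread, as an added example that is not part of any poster's reply and not McAfee's actual logic: a naive multiple-extension check flags the dated name "Report13.02.2005.doc", while a narrower check only flags a document-style extension followed by an executable one. The extension lists, function names and sample attachment names are assumptions constructed for illustration.

```python
# Assumed extension lists for illustration; not taken from any vendor product.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"doc", "xls", "ppt", "pdf", "txt", "jpg", "gif", "zip"}


def naive_multi_ext(filename):
    """Flag any name with two or more non-empty dot-separated suffixes."""
    parts = filename.strip().split(".")
    return len(parts) > 2 and all(parts[1:])


def refined_multi_ext(filename):
    """Flag only a decoy document extension followed by an executable one."""
    # Trailing dots and spaces are dropped because Windows ignores them.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 3:
        return False
    # Padding spaces between the two extensions are a common hiding trick.
    decoy, final = parts[-2].strip(), parts[-1].strip()
    return decoy in DECOY_EXTS and final in EXECUTABLE_EXTS


def compare(filenames):
    """Return {name: (naive_verdict, refined_verdict)} for each attachment."""
    return {n: (naive_multi_ext(n), refined_multi_ext(n)) for n in filenames}


# Constructed sample attachment names (the first is the one quoted above).
SAMPLES = [
    "Report13.02.2005.doc",   # dated document: naive check gives a false alarm
    "minutes.v2.final.xls",   # versioned document: same false alarm
    "invoice.pdf.exe",        # deceptive double extension
    "photo.jpg      .scr",    # padded to push the real extension out of view
    "notes.txt.vbs.",         # trailing dot
    "budget.xls",             # ordinary single extension
]

if __name__ == "__main__":
    for name, (naive, refined) in compare(SAMPLES).items():
        print(f"{name!r:28} naive={naive!s:5} refined={refined}")
```

A lone executable extension such as "setup.exe" is out of scope for both checks and is normally handled by an attachment block list.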
 