AV triggering a lot for Javascript

Hi all, Since activating AV filtering for our internet connection we are getting all kinds of AV alerts mostly for javascripts, like: JS/FakejQuery.BC!tr JS/Nemucod.XZ!tr.dldr JS/Nemucod.F022!tr ... AV is set to flow-based. (From what I read in the docs, in FOS 5.2 this is not necessarily worse than "proxy".) Endpoint security is not triggering on any of the concerned hosts. I suspect these are false positives. Any idea? Bye, Marki