I’m sorry for the delayed response on this. We wanted to make sure we got the engineering team’s feedback on this before we gave an answer so that we could ensure everything is factually correct.
Ultimately, this is a false-positive from McAfee, but we know what change likely triggered it. With this update we added HTTPS support for the webserver that runs on the Core — Basically the function of the Core that communicates with Roon API or remotes on the network (i.e. communications between the Core and other devices on the network). This change is triggering this and, while there is no actual malware behavior or anything, we are looking into tweaks we can make to avoid triggering any reports like this.
I hope this helps clear things up!