whoami /groups SID is not resolved

Hello everyone

We have installed the MCAfee Web Gateway (MWG) on all clients (Windows 10) in our organization. This controls the Internet access by means of a group from the AD. Now there were already several cases in which users were blocked, although they are in the group. The McAfee support believes that the MWG client does not recognize the group.

We also found that the group names are not resolved, or only partially resolved, if the client has no connection to the AD. After executing the command "whoami /groups" it looks like this (whole SID shortened/replaced with xxx):

GROUP INFORMATION
-----------------

Group Name                                               Type             SID                                              Attributes                                                     
======================================================== ================ ================================================ ===============================================================
Jeder                                                    Well-known group S-1-1-0                                          Mandatory group, Enabled by default, Enabled group             
VORDEFINIERT\Administrators                              Alias            S-1-5-32-544                                     Group used for deny only                                       
VORDEFINIERT\Event Log Readers                           Alias            S-1-5-32-573                                     Mandatory group, Enabled by default, Enabled group             
VORDEFINIERT\Users                                       Alias            S-1-5-32-545                                     Mandatory group, Enabled by default, Enabled group             
NT-AUTORITŽT\INTERAKTIV                                  Well-known group S-1-5-4                                          Mandatory group, Enabled by default, Enabled group             
KONSOLENANMELDUNG                                        Well-known group S-1-2-1                                          Mandatory group, Enabled by default, Enabled group             
NT-AUTORITŽT\Authentifizierte Benutzer                   Well-known group S-1-5-11                                         Mandatory group, Enabled by default, Enabled group             
NT-AUTORITŽT\Diese Organisation                          Well-known group S-1-5-15                                         Mandatory group, Enabled by default, Enabled group             
LOKAL                                                    Well-known group S-1-2-0                                          Mandatory group, Enabled by default, Enabled group             
                                                         Unknown SID type S-1-5-21-xxxxxx                                  Mandatory group, Enabled by default, Enabled group             
                                                         Unknown SID type S-1-5-21-xxxxxx                                  Mandatory group, Enabled by default, Enabled group             
                                                         Unknown SID type S-1-5-21-xxxxxx                                  Mandatory group, Enabled by default, Enabled group             
                                                         Unknown SID type S-1-5-21-xxxxxx                                  Mandatory group, Enabled by default, Enabled group       

The SID always remains in the cache, the group name does not. Is there a possibility (e.g. via GPO) to add these groups to the cache as well or are there other solutions?

Similar case:

https://social.technet.microsoft.com/Forums/ie/en-US/1112015a-52c4-4a8e-adc0-0ec24cff5845/whoami-groups-does-not-show-domain-groups?forum=windowsbackup

Information about MWG:

https://www.mcafee.com/enterprise/en-us/products/web-gateway.html