cancel
Showing results for 
Search instead for 
Did you mean: 
hazwan
Level 8
Report Inappropriate Content
Message 1 of 26

Gateway Anti Malware

@

Hi All,

I'm having problem with gateway anti malware to update definition of malware. Nsm already configured with dns and one of IPS inside domain already updated malware definition to latest update, but one of our IPS is failed to update with error. But the failed IPS can update callback detector to the latest. I try to check within IPS with command show gam engine stats but it shows engine status :uninitialized. Anyone know how to troubleshoot GAM or I need to do any configuration to enable gam?

Thank You.

Regards,

Hazwan

25 Replies
Reliable Contributor petermason
Reliable Contributor
Report Inappropriate Content
Message 2 of 26

Re: Gateway Anti Malware

Hi Hazwan,

What is the error you are receiving when updating GAM for this sensor?

What is the model and software version of the sensor?

Are you manually updating or using automatic updates?

Peter

hazwan
Level 8
Report Inappropriate Content
Message 3 of 26

Re: Gateway Anti Malware

Hi Peter,

Above is an error I received. IPS model is 7300 and software version 8.2.5.100. I'm using automatically updates.

Regards,

Hazwan

Reliable Contributor petermason
Reliable Contributor
Report Inappropriate Content
Message 4 of 26

Re: Gateway Anti Malware

Hi Hazwan,

Are you seeing any errors in the EMS.log for this failure?

It could just be a communication failure with the update site. NSP uses different update sites for the different downloads (software / sigsets / bot / etc) so you may be blocking the communication.

You can also just manually download the software update here

https://contentsecurity.mcafee.com/update

And import it to the manager Manage > Updating > Manual Import

You should then be able to deploy it to your sensor.

Peter

Highlighted
hazwan
Level 8
Report Inappropriate Content
Message 5 of 26

Re: Gateway Anti Malware

Hi Peter,

Which line that contain string should I look at in EMS.log?

I also think DNS customer block the Gateway Anti-Malware update site. Did you know the site link or what should I advice customer to allow domain/site for update GAM. Automatically update will much more help as I dont need to go onsite each time for update GAM. Your kinds help much appreciate.

Regards,

Hazwan

Reliable Contributor petermason
Reliable Contributor
Report Inappropriate Content
Message 6 of 26

Re: Re: Gateway Anti Malware

Hi Hazwan,

This is what I see in my ems.log file for an N series sensor trying to update GAM when the manager does not have access to the internet.

2015-09-18 04:52:35,600 ERROR [http-bio-0.0.0.0-443-exec-148] iv.common.HttpClient.ApachePOSTImpl - doPOST:Error while doing the http get function for the url https://tau.mcafee.com/cgi-bin/update.pl the error is java.net.ConnectException: Connection timed out: connect

2015-09-18 04:52:35,600 ERROR [http-bio-0.0.0.0-443-exec-148] com.intruvert.ui.sensor.data.GAMVersion - com.intruvert.ruleEngine.utils.gam.GamDatException: Internal Server Error

If they are using manager version 8.2.7.46 or higher they should have the option under Manage > Troubleshooting > System Log to view the tail of the EMS log, then if you turn GAM updating off and back on for the problem sensor they can see what errors are generated.

If not they will have to look in the log files for errors that match the time stamp on the error the manager is generating.

If the sensor is outside the domain and their is a firewall between it and the manager you may just need to open additional ports for communication. Look at the requirements in the Manager Installation guide to find out what ports need to be open for communication.

Regards

Peter

Reliable Contributor petermason
Reliable Contributor
Report Inappropriate Content
Message 7 of 26

Re: Gateway Anti Malware

Hi Hazwan,

Were you able to get the sensor to update?

Peter

hazwan
Level 8
Report Inappropriate Content
Message 8 of 26

Re: Gateway Anti Malware

Hi Peter,

Yes, I'm able to update the sensor by manual but that is what we dont want to achieve. Actually, when we trying to update automatically using google public dns 8.8.8.8, it is not successful. I filtered the connection, the request has been sent to google dns but there is no traffic reply to the request.

For our IPS other domain, automatically update using local disaster recovery domain no problem. I can see the traffic response from mcafee ip using https connection.

I'm thinking of the connection has been blocked by dns google. So weird...

Thank You.

Regards,

Hazwan

Re: Gateway Anti Malware

All,

I am having a similar problem with NTBA T-VM. All sensor software, sigset and engine software is up to date, but I'm getting a DNS error whenever GAM tries to auto-update. DNS requests to tau.mcafee.com are seen going through the firewall. We tried updating manually and it didn't take...then I read the note on that page in the NSM that manual updating GAM does not work for NTBA. I was hoping someone may have found a fix for this by now. If you know of one, please respond.

McAfee Employee moekhass
McAfee Employee
Report Inappropriate Content
Message 10 of 26

Re: Gateway Anti Malware

Yup, manual updating for NTBA would be nice. I'm getting some DNS errors for auto download. There are a lot of environments where DNS and Firewall are not optimized. So manual update is only option.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community