Showing results for 
Show  only  | Search instead for 
Did you mean: 

Web Gateway policyViewer Tool (

Introducing the McAfee Web Gateway policyViewer Tool


The MWG7+ policyViewer Tool allows you to read configuration information from the gateway and display it for review.


The main goal of this tool is to communicate the representation of Rules Sets more effectively. One thing I've noticed, both amongst the user community and internally, is the propensity of taking screen shots of the UI to display rules and settings. To me, this method is cumbersome and can't represent the entire scope of the configuration. I designed this specifically to be able to render fragments of the configuration and allow me to copy/paste them into (HTML) email without having to attach bulky bitmap images.


As an added benefit, this also allows you to save the HTML output of the configuration and use it as a reference for configuration auditing by a 3rd party without granting them access to the appliance itself.


Internally, MWG7 and higher is comprised of multiple XML files used to define its policy, settings and configuration. The structure of the XML is quite complex and not designed for human readability. The policyViewer tool imports a variety of formats and displays them in a navigation structure similar to the MWG's UI for easier readability. Once the configuration is loaded, you can navigate through the configuration to display the selected elements on the HTML pane. Once displayed, content can be selected, copied, searched and saved.


Input file types:
-MWG7 or higher .backup Files
-MWG7 or higher Exported Rule Sets
-MWG7 or higher Feedback Files


Displayed Items:
-Rules Sets
-Log Handlers
-Error Handlers
-User Defined Properties


Output files:
-Save output of displayed HTML pane
-Extract the original files from a .backup


-Policy Report displays the entire configuration in one pane for saving
-Save Policy reports will navigate on links to lists and settings
-Export a of an appliance's IP address settings for use with initial installation of a new appliance
-Output style can be changed by editing <executable-directory>\policyViewer.xslt


New Rule Usage feature in 1.4.0:



Version History

View policy and config from Web Gateway

Version 04/14/2020
-Added feature to adjust event names, which should take the form "Enable <...>".

Version 03/03/2020
-Modified license feature table to also display known flags for each feature (currently known: "enabled").

Version 10/14/2019
-Added feature to specify a file to be opened via command-line argument.

Version 10/08/2019
-Added support for MWG 8.2.0
-Note: Since version 1.8.1, this tool has supported both MWG 7.8.1 and 7.8.2 (no changes were necessary to support 7.8.2).

Version 05/03/2019
-Added support for MWG 8.1.0

Version 01/23/2019
-Added support for MWG 8.0.0
-Changed version number scheme to accommodate new MWG version numbers
-The "Open" dialog box will now remember the previously used Filter (Backup/Rule Set/Feedback).
-Added an option to continue parsing a file when a certain kind of corruption is detected.

Version 1.8.1: 02/26/2018
-Added support for MWG 7.8.1
-Fixed "Object Reference" issue related to AppRisk lists.

Version 1.8.0: 10/03/2017
-Added support for MWG 7.8.0

Version 08/22/2017
-Package is now signed with McAfee Certificate

Version 1.7.2: 08/08/2017
-Added support for MWG 7.7.2
-Updated to use new McAfee Icons

Version 1.7.1: 02/24/2017
-Added support for MWG 7.7.1

Version 1.7.0: 10/04/2016
-Added support for MWG 7.7.0

Version 1.6.2: 06/01/2016
-Added support for MWG 7.6.2
-Added import from MWG appliance using REST option.
-Updated code to .NET 4.5, instead of 2.0.
.NET 4.5 is now a requirement to run.

Version 1.6.1: 01/28/2016
-Added support for MWG 7.6.1

Version 12/24/2015
-Added Export List on context menu in list tree.

Version 1.6.0: 09/28/2015
-Added support for MWG 7.6.0

Version 07/20/2015
-Fixed issue with NUL in license.xml

Version 1.5.2: 05/28/2015
-Added support for MWG 7.5.2

Version 1.5.1: 02/02/2015
-Added support for MWG 7.5.1
-Fixed issue with displaying UTF-8 encoded characters

Version 1.5.0: 09/23/2014
-Added support for MWG 7.5.0

Version 06/04/2014
-Fixed issue with treeViewConfiguration for older configurations that do not contain <cm_cluster_global/>

Version 1.4.2: 05/27/2014
-Added support for MWG 7.4.2.
-Displays cluster configuration for 7.4.0+.
-Added Cloud Enabled indicators.
-Added Administrator Accounts tab.
-Changed layout of authentication engine settings.
-Added Export Rule Sets on context menu in rule tree.

Version 1.4.1: 01/28/2014
-Added support for MWG 7.4.1.
-Minor cosmetic changes to XSLT output.

Version 1.4.0: 09/10/2013
-Added support for MWG 7.4.0.
-Added Rule Usage feature to count hits in policy.
-Added option to suppress disabled rule sets and rules from displaying.
-Added option to suppress details.
-Fixed performance issue with XSLT.

Version 1.3.2: 05/14/2013
-Added support for MWG 7.3.2.
-Added support for decrypting backups with a password.
-Minor bug fixes.

Version 1.3.0: 02/12/2013
-Added support for MWG 7.3.1, including Dynamic Content Classifier and Map Type lists.

Version 1.2.1: 11/15/2012
-Added skipping file on import error.
-Added stripping out errant null bytes from imported 7.3 configs.

Version 1.2.0: 10/03/2012
-Added support for MWG 7.3.0.
-Added the display of new values to the Proxy template.
-Removed the Text tab. It had little value.

Version 1.1.2: 07/03/2012
-Added support for importing .lists.

Version 1.1.1: 04/21/2012
-Compiled for AnyCPU instead x86 to accommodate memory for huge lists.

Version 1.1.0: 04/20/2012
-Added support for MWG 7.2.0, including:
-DLP Categories
-Subscribed Lists
-Hybrid Lists
Note: Only feedback files contain content for subscribed lists.

Version 1.0.5: 12/13/2011
-Added support for MWG 7.1.6.

Version 1.0.4: 11/21/2011
-Integrated ICSharp.SharpZLib code directly instead of using a .DLL to potentially work with MONO.

Version 1.0.3: 07/19/2011
-Updated handshake to 7.1.5-11113.

Version 1.0.2: 03/31/2011
-Updated handshake to 7.1.0.

Version 1.0.1: 01/22/2011
-Added Rules in TreeView option

Version 1.0.0: 01/11/2011
-First public release
-Updated handshake to

Version 0.9.4: 12/16/2010
-Added line numbers to lists.

Version 0.9.3: 12/13/2010
-Added ° for empty lists.
-Added List hover over.

Version 0.9.2: 12/12/2010
-Added support for Feedback Files.

Version 0.9.1: 12/10/2010
-Better formatting of inlineLists.
-Added Save Displayed HTML.
-Added Complete Policy Report.
-Updated handshake to 7.0.2.

Version 0.9: 12/06/2010
-First Beta release.


Requires .NET Framework 4.5


NOTE: This tool is not supported by McAfee Technical Support in any way. Do not contact them for help with problems.

Labels (1)

Just tried this out, very cool stuff!


This year, adutitors going to be very happy 🙂 thanks. Will this be later integrated into the device software?


I cannot speak for PM or engineering if something like that is in the works or not. I wanted to fill the gap for myself and some customer requests, so I wrote this. They know about it, but personally I'd rather have them work on the heavy lifting. This is just icing.

Along the same lines, when I wrote the Language Pack Designer for 6.x, they saw it and put a similar block page editor into 7, so you never know.

I open to suggestions as to what else you'd like to see in it.


That is so cool - thanks for the tool


Hi Erik,

you mentioned "Rule tracing step-through debugger" in TODO list. It would be a pretty cool tool for further troubleshooting.

When do you suppose the function will be done? Do you have any assessment?

Thank you


I'm waiting for some changes to the way the gateway writes the trace files in a future version.

Currently, the trace files contain the Rule Name of the rule that is executed, but that is not unique enough to programatically select it from the policy. If I have multiple rules with the exact same name, i cannot be deterministic on which rule to select/display/debug.

Internally, each rule has a unique id attribute. When they start including that unique ID in the trace, I will work on getting the tracing feature working. they tell me will have it, if they can find the time to put it in. Until then, I'm working on other amazing tools

Oh, and there are plans to put this into the product natively, so if they get to it before I do, then I may not do it externally.


Hi Eric,

thank you very much for this great tool !

Regards Tom


Tested today with MWG (11970)

Real great tool! 🙂




Thanks. I'm waiting for the general release of 7.1.6 before I update it with new properties.

If anyone needs to use it on newer versions of MWG before I compile in support for new properties, you can copy the directory from the MWG of:


to the executable folder of the policyViewer.

This will read in the new properties and use them instead of the compiled-in version.


New Release: policyViewer 1.0.5

Added support of MWG 7.1.6


Great Tool! 🙂


What to do if we skip intermediate version and directly jump from 7.x version to 7.2?

Does that mean we have to manually look at changes of all the versions? We had started with very first version of 7.X and now we are planning to directly upgrade  from 7.0.2 to 7.2. We have already upgraded test gateways and I am wondering what to do for all these default changes in different versions?


Hey Big E, 

Just bumping this discussion to see if there have been any changes/enhancements with this (awesome) tool.  We are well passed 7.1 and 7.3 is just around the corner.  *Cough*RuleTracing*Cough*


Coincidently, I have a call tomorrow to lay my eyes on the rule tracing they have been working on in 7.3.x.

Fingers crossed it will be all we could ever wish for.


Add function of export of lists to the next version.
From backup you can get only xml, but to export them to MWG does not work because of the required format lists


Good idea...done.

You can now Right-Click on a list and export.

The only difference between this and doing it in the GUI is you can only select one list at a time in policyViewer to export. The GUI allows for multi-select of lists.


Guys, WTF virustotal Detection ratio: 12 / 59



Moving until we can get the false detections sorted out.


Added version which addresses issues with false positives (plain text xml in binary) and the binary is now signed. I also cleaned up the icons.


Excellent Tool, 

Thanks Jon


Any chance we could get CSS in the forum that would properly format a copied rule in a forum comment?


Thank you so much for releasing an updated version of this tool!

Version history
Revision #:
8 of 8
Last update:
‎01-20-2021 12:27 AM
Updated by:

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community