cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
deko
Level 8
Report Inappropriate Content
Message 1 of 4

Anit-Malware disabled one rule because GTI cloud lookups not available

Jump to solution

Good morning,

since two weeks I see following alerts on the gateway.

MWG.jpg

 

Can anyone help me with this problem?

 

Thanks!

1 Solution

Accepted Solutions
McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Anit-Malware disabled one rule because GTI cloud lookups not available

Jump to solution
Hi, Hope you are doing well. https://kc.mcafee.com/corporate/index?page=content&id=KB90767&actp=null&viewlocale=en_US&showDraft=f... Solution:- All requests sent to MWG must go through the rule set: Set URL Filter Internal Settings. This process sets an internal flag for GAM to determine what URL Filter setting must be used for internal GAM lookups. These lookups obtain the URL category and reputation for the complete transaction and include the request, response, and embedded object cycle. You must place this rule set as a top-level rule set in your policy and enable it in all cycles (request, response, embedded object). It is important to place it above all GAM calls and bypass rules that contain the action Stop Cycle. Request you to move rule named Set URL Filter Internal Settings to top of your policy meaning it should be the first rule in your policy and also enable response/embedded cycle for this rule. Regards Alok Sarda
3 Replies
Reliable Contributor marcus69
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: Anit-Malware disabled one rule because GTI cloud lookups not available

Jump to solution

Hi deko,

since WebGateway 7.7.2 there were a few changings on the GAM Settings.
The most common reason for this warning is a missing setting:

2019-04-25 08_37_11-MWG-GAM-InternalFilterSetting2.png

If it is missing on Your Ruleset, you may import it from MWG Ruleset Library.

For more details please also see Aloks explanations on this forum thread: https://community.mcafee.com/t5/Web-Gateway/No-active-AV-scanner-for-streaming-in-at-least-one-rule/...

 

Best Regards,
    Marcus

deko
Level 8
Report Inappropriate Content
Message 3 of 4

Re: Anit-Malware disabled one rule because GTI cloud lookups not available

Jump to solution

Hi Marcus,

 

thanks for your reply, but I already have this setting in my ruleset.

 

Best Regards,

deko

McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Anit-Malware disabled one rule because GTI cloud lookups not available

Jump to solution
Hi, Hope you are doing well. https://kc.mcafee.com/corporate/index?page=content&id=KB90767&actp=null&viewlocale=en_US&showDraft=f... Solution:- All requests sent to MWG must go through the rule set: Set URL Filter Internal Settings. This process sets an internal flag for GAM to determine what URL Filter setting must be used for internal GAM lookups. These lookups obtain the URL category and reputation for the complete transaction and include the request, response, and embedded object cycle. You must place this rule set as a top-level rule set in your policy and enable it in all cycles (request, response, embedded object). It is important to place it above all GAM calls and bypass rules that contain the action Stop Cycle. Request you to move rule named Set URL Filter Internal Settings to top of your policy meaning it should be the first rule in your policy and also enable response/embedded cycle for this rule. Regards Alok Sarda
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator