cancel
Showing results for 
Search instead for 
Did you mean: 
btlyric
Level 12
Report Inappropriate Content
Message 1 of 6

Anti-Malware Engine Overloaded

Anyone else seeing an uptick in Anti-Malware Engine Overloaded errors in the past few months?

5 Replies
McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Anti-Malware Engine Overloaded

Hi,

Hope you are doing well.

Yes Anti Malware engine overload errors are being observed quite frequently in past few months.

It is when our default queue of 1000 reaches its value , then all subsequent request are being blocked by Anti Malware engine overload errors .

 

you can configure a fail open here for Anti Malware errors , so that users don't get MWG Anti Malware error page if at all it is required .

 

what is your current MWG version? We have seen some performance issues related to GAM 2017 version which are resolved in 7.7.2.17 version and above .

 

Also rechability/connectivity issues to our GTI servers are one of the causes/contributor to Anti Malware overload situation.

 

I would also suggest to open a case with support by providing a feedback file taken during the time of issue for investigation. Ping me the SR number here if you open a case with support for me to have a look.

 

Regards

Alok Sarda

 

 

Re: Anti-Malware Engine Overloaded

I'm also seeing increasing number of anti malware overload situations that didn't exist before a couple of months ago. We upgraded to 7.7.2.18 in an attempt to correct the issue but to no avail. The GTI servers don't seem to be an issue either as we are getting good responses from them using the diagnosis script when the issue occurs. We've set the error handler to continue on 14001 errors but we see a BIG dropoff in connections when the problem occurs. We have 2 MWGs being load balanced so the second box picks up the load but within a few seconds it too gets the overload message.

Are there any updates to this at all? Any steps we can take besides pressing the AV Threads button over and over. Is there a better way to determine what is causing this issue? This feels more like an issue with an update that might have dropped a while back. We're currently running  engine 5900.7845..

btlyric
Level 12
Report Inappropriate Content
Message 4 of 6

Re: Anti-Malware Engine Overloaded

A belated reply -- I haven't heard any significant updates about this specific issue.

As I understand it, MFE support has told us that we need to upgrade our hardware. I'm not sure what their answer will be if the underlying problem remains when the hardware is upgraded, but for now it kicks the can down the road a bit.

My current interpretation is that there is a specific issue that McAfee believes to exist, but does not yet necessarily have sufficient data to isolate and resolve.

My interpretation could be completely incorrect...

btlyric
Level 12
Report Inappropriate Content
Message 5 of 6

Re: Anti-Malware Engine Overloaded

Extremely belated response to this thread/Alok's suggestion of configuring fail open for the Anti-Malware Engine Overloaded errors to my post (and at least a couple of other posts about engine overload situations).

Since Q4 2018, multiple customers have reported in the community forum that Anti-Malware Engine Overloaded errors have occurred in infrastructures where those errors did not previously exist. In our case, no significant modifications were made to the overall enterprise or to the MWG policy. Combined with reports from other customers, this suggests that the problem may be related to the AV engine itself and/or how it processes data.

Failing open is a valid solution for specific situations, but shouldn't be the "go to" option for the overload situation. Alternately, if McAfee wants to espouse it as the "go to" option, I suggest clarifying in forum posts that fail open for anti-malware means that the content will not be scanned and if fail open is the desired solution, it should be configured to fail open with notifications so that the MWG admins for that system are aware that something is wrong.

 

 

 

Re: Anti-Malware Engine Overloaded

Is there any update on this topic?

We are seeing the "Anti-Malware currently overloaded" errors repeating in the last month, too.

At the moment we are running MWG-Version 7.8.2.7.0.

Gateway Engine: 7001.2017.3140

Gateway DATs: 6802

Engine: 6000.8403

DATs: 9300

 

Kind regards

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community