cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
btlyric
Level 12
Report Inappropriate Content
Message 1 of 9

Anti-Malware Engine Overloaded

Anyone else seeing an uptick in Anti-Malware Engine Overloaded errors in the past few months?

8 Replies
aloksard
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 9

Re: Anti-Malware Engine Overloaded

Hi,

Hope you are doing well.

Yes Anti Malware engine overload errors are being observed quite frequently in past few months.

It is when our default queue of 1000 reaches its value , then all subsequent request are being blocked by Anti Malware engine overload errors .

 

you can configure a fail open here for Anti Malware errors , so that users don't get MWG Anti Malware error page if at all it is required .

 

what is your current MWG version? We have seen some performance issues related to GAM 2017 version which are resolved in 7.7.2.17 version and above .

 

Also rechability/connectivity issues to our GTI servers are one of the causes/contributor to Anti Malware overload situation.

 

I would also suggest to open a case with support by providing a feedback file taken during the time of issue for investigation. Ping me the SR number here if you open a case with support for me to have a look.

 

Regards

Alok Sarda

 

 

Re: Anti-Malware Engine Overloaded

I'm also seeing increasing number of anti malware overload situations that didn't exist before a couple of months ago. We upgraded to 7.7.2.18 in an attempt to correct the issue but to no avail. The GTI servers don't seem to be an issue either as we are getting good responses from them using the diagnosis script when the issue occurs. We've set the error handler to continue on 14001 errors but we see a BIG dropoff in connections when the problem occurs. We have 2 MWGs being load balanced so the second box picks up the load but within a few seconds it too gets the overload message.

Are there any updates to this at all? Any steps we can take besides pressing the AV Threads button over and over. Is there a better way to determine what is causing this issue? This feels more like an issue with an update that might have dropped a while back. We're currently running  engine 5900.7845..

btlyric
Level 12
Report Inappropriate Content
Message 4 of 9

Re: Anti-Malware Engine Overloaded

A belated reply -- I haven't heard any significant updates about this specific issue.

As I understand it, MFE support has told us that we need to upgrade our hardware. I'm not sure what their answer will be if the underlying problem remains when the hardware is upgraded, but for now it kicks the can down the road a bit.

My current interpretation is that there is a specific issue that McAfee believes to exist, but does not yet necessarily have sufficient data to isolate and resolve.

My interpretation could be completely incorrect...

btlyric
Level 12
Report Inappropriate Content
Message 5 of 9

Re: Anti-Malware Engine Overloaded

Extremely belated response to this thread/Alok's suggestion of configuring fail open for the Anti-Malware Engine Overloaded errors to my post (and at least a couple of other posts about engine overload situations).

Since Q4 2018, multiple customers have reported in the community forum that Anti-Malware Engine Overloaded errors have occurred in infrastructures where those errors did not previously exist. In our case, no significant modifications were made to the overall enterprise or to the MWG policy. Combined with reports from other customers, this suggests that the problem may be related to the AV engine itself and/or how it processes data.

Failing open is a valid solution for specific situations, but shouldn't be the "go to" option for the overload situation. Alternately, if McAfee wants to espouse it as the "go to" option, I suggest clarifying in forum posts that fail open for anti-malware means that the content will not be scanned and if fail open is the desired solution, it should be configured to fail open with notifications so that the MWG admins for that system are aware that something is wrong.

 

 

 

ApolloDS
Level 7
Report Inappropriate Content
Message 6 of 9

Re: Anti-Malware Engine Overloaded

Hi Alok,

Do you know how we can increase the default queue to more than the default 1000?
A customer is asking this since he also get intermittent messages about the Anti-Malware Engine Overloaded.

Thanks,
Peter

aloksard
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 9

Re: Anti-Malware Engine Overloaded

Hi,

Hope you are doing well.

 

You can do this by taking MWG GUI access-> Navigate to option Configuration->Select the appliance->Anti Malware->Global Anti-Malware settings->Maximum no of obs in the queue.

 

Note:- It is not recommended to change this value, instead I suggest to open a service request with support and provide a feedback file taken from MWG during the time of issue for investigation.

 

Regards

Alok Sarda

ApolloDS
Level 7
Report Inappropriate Content
Message 8 of 9

Re: Anti-Malware Engine Overloaded

Hi Alok,
I will check with the customer and open a case about this.
Thanks for your information
chrisfi
Level 8
Report Inappropriate Content
Message 9 of 9

Re: Anti-Malware Engine Overloaded

Is there any update on this topic?

We are seeing the "Anti-Malware currently overloaded" errors repeating in the last month, too.

At the moment we are running MWG-Version 7.8.2.7.0.

Gateway Engine: 7001.2017.3140

Gateway DATs: 6802

Engine: 6000.8403

DATs: 9300

 

Kind regards

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community