Hope you are doing well.
Yes, Anti Malware engine overload errors have been observed quite frequently in the past few months.
It is when our default queue of 1000 reaches its value; then all subsequent requests are blocked by Anti Malware engine overload errors.
You can configure a fail open here for Anti Malware errors, so that users don't get the MWG Anti Malware error page, if at all it is required.
What is your current MWG version? We have seen some performance issues related to the GAM 2017 version which are resolved in version 126.96.36.199 and above.
Also, reachability/connectivity issues to our GTI servers are one of the causes/contributors to the Anti Malware overload situation.
I would also suggest opening a case with support by providing a feedback file taken during the time of the issue for investigation. Ping me the SR number here if you open a case with support for me to have a look.
I'm also seeing an increasing number of anti malware overload situations that didn't exist before a couple of months ago. We upgraded to 188.8.131.52 in an attempt to correct the issue but to no avail. The GTI servers don't seem to be an issue either, as we are getting good responses from them using the diagnosis script when the issue occurs. We've set the error handler to continue on 14001 errors but we see a BIG dropoff in connections when the problem occurs. We have 2 MWGs being load balanced, so the second box picks up the load, but within a few seconds it too gets the overload message.
Are there any updates to this at all? Any steps we can take besides pressing the AV Threads button over and over? Is there a better way to determine what is causing this issue? This feels more like an issue with an update that might have dropped a while back. We're currently running engine 5900.7845..
A belated reply -- I haven't heard any significant updates about this specific issue.
As I understand it, MFE support has told us that we need to upgrade our hardware. I'm not sure what their answer will be if the underlying problem remains when the hardware is upgraded, but for now it kicks the can down the road a bit.
My current interpretation is that there is a specific issue that McAfee believes to exist, but does not yet necessarily have sufficient data to isolate and resolve.
My interpretation could be completely incorrect...
Extremely belated response to this thread/Alok's suggestion of configuring fail open for the Anti-Malware Engine Overloaded errors to my post (and at least a couple of other posts about engine overload situations).
Since Q4 2018, multiple customers have reported in the community forum that Anti-Malware Engine Overloaded errors have occurred in infrastructures where those errors did not previously exist. In our case, no significant modifications were made to the overall enterprise or to the MWG policy. Combined with reports from other customers, this suggests that the problem may be related to the AV engine itself and/or how it processes data.
Failing open is a valid solution for specific situations, but shouldn't be the "go to" option for the overload situation. Alternately, if McAfee wants to espouse it as the "go to" option, I suggest clarifying in forum posts that fail open for anti-malware means that the content will not be scanned and if fail open is the desired solution, it should be configured to fail open with notifications so that the MWG admins for that system are aware that something is wrong.
Is there any update on this topic?
We are seeing the "Anti-Malware currently overloaded" errors repeating in the last month, too.
At the moment we are running MWG-Version 184.108.40.206.0.
Gateway Engine: 7001.2017.3140
Gateway DATs: 6802