Hope you are doing well.
Yes, Anti Malware engine overload errors have been observed quite frequently in the past few months.
When our default queue of 1000 reaches its value, all subsequent requests are blocked by Anti Malware engine overload errors.
You can configure a fail open here for Anti Malware errors, so that users don't get the MWG Anti Malware error page, if at all it is required.
What is your current MWG version? We have seen some performance issues related to the GAM 2017 version which are resolved in version 220.127.116.11 and above.
Also, reachability/connectivity issues to our GTI servers are one of the causes/contributors to the Anti Malware overload situation.
I would also suggest opening a case with support by providing a feedback file taken during the time of the issue for investigation. Ping me the SR number here if you open a case with support, for me to have a look.
I'm also seeing an increasing number of anti malware overload situations that didn't exist before a couple of months ago. We upgraded to 18.104.22.168 in an attempt to correct the issue but to no avail. The GTI servers don't seem to be an issue either, as we are getting good responses from them using the diagnosis script when the issue occurs. We've set the error handler to continue on 14001 errors but we see a BIG dropoff in connections when the problem occurs. We have 2 MWGs being load balanced so the second box picks up the load, but within a few seconds it too gets the overload message.
Are there any updates to this at all? Any steps we can take besides pressing the AV Threads button over and over? Is there a better way to determine what is causing this issue? This feels more like an issue with an update that might have dropped a while back. We're currently running engine 5900.7845..
A belated reply -- I haven't heard any significant updates about this specific issue.
As I understand it, MFE support has told us that we need to upgrade our hardware. I'm not sure what their answer will be if the underlying problem remains when the hardware is upgraded, but for now it kicks the can down the road a bit.
My current interpretation is that there is a specific issue that McAfee believes to exist, but does not yet necessarily have sufficient data to isolate and resolve.
My interpretation could be completely incorrect...
Extremely belated response to this thread/Alok's suggestion of configuring fail open for the Anti-Malware Engine Overloaded errors to my post (and at least a couple of other posts about engine overload situations).
Since Q4 2018, multiple customers have reported in the community forum that Anti-Malware Engine Overloaded errors have occurred in infrastructures where those errors did not previously exist. In our case, no significant modifications were made to the overall enterprise or to the MWG policy. Combined with reports from other customers, this suggests that the problem may be related to the AV engine itself and/or how it processes data.
Failing open is a valid solution for specific situations, but shouldn't be the "go to" option for the overload situation. Alternately, if McAfee wants to espouse it as the "go to" option, I suggest clarifying in forum posts that fail open for anti-malware means that the content will not be scanned, and that if fail open is the desired solution, it should be configured to fail open with notifications so that the MWG admins for that system are aware that something is wrong.
Do you know how we can increase the default queue to more than the default 1000?
A customer is asking this since he also gets intermittent messages about the Anti-Malware Engine Overloaded.
Hope you are doing well.
You can do this by taking MWG GUI access -> Navigate to option Configuration -> Select the appliance -> Anti Malware -> Global Anti-Malware settings -> Maximum no of jobs in the queue.
Note: It is not recommended to change this value; instead I suggest opening a service request with support and providing a feedback file taken from MWG during the time of the issue for investigation.
Is there any update on this topic?
We are seeing the "Anti-Malware currently overloaded" errors repeating in the last month, too.
At the moment we are running MWG-Version 22.214.171.124.0.
Gateway Engine: 7001.2017.3140
Gateway DATs: 6802