cancel
Showing results for 
Search instead for 
Did you mean: 

Re: Enbedded Flash Player Videos Issues

Jump to solution

talked with support and they sent me the instruction on upgrading to 7.1.6.

I replaced the Gateway Antimalware ruleset witht he one from the library. And Skip on Streaming Media is there.

Should i leave gateway antimalware at the bottom of my rule sets?

Also the old rule set had the rule " Allow Streaming Media From List Antimalware Media Type Whitelist" enbled, Show this be re-enabled?

Can you explain the Streaming media, with probability 70%?

asabban2
Level 17
Report Inappropriate Content
Message 12 of 20

Re: Enbedded Flash Player Videos Issues

Jump to solution

Hello,

sounds good. You should leave the Gateway Antimalware close to the bottom of the policy, it will avoid MWG from scanning files that have already been blocked by earlier filters, which is vital for performance reasons. I do no think you will need the old rule again, since the streaming detector will do the stream detection for you.

The streaming detector uses various pieces of information such as URL, category, media type sent by the server and the first bytes of data coming back to decide whether a downloaded file is a stream or not. Each criteria it checks allows to do a "weighting", for example if the URL is in category "Streaming Media" we assume the file is a stream with lets say 90%. If the then find the file is a text-file, the probability will reduce to lets say 50% (the values are just examples). It works similar to spam detection, where you combine multiple criteria such as sender host, subject, region, header, etc to a propability.

This is just a pretty basic overview. Do you have any more specific questions in regards to the streaming detector?

And the most important question, is the stream working that was not going through before?

Best,

Andre

alexott
Level 11
Report Inappropriate Content
Message 13 of 20

Re: Enbedded Flash Player Videos Issues

Jump to solution

Hi

The old rule "Allow Streaming Media From List Antimalware Media Type Whitelist" isn't necessary anymore - it used explicit list of "popular" sites to prevent AV from stuck in stream processing.

It's recommended (but not required) to keep Gateway Antimalware at the bottom, because AV scanning is "heavyweight" operation, and if more "lightweight" conditions (like URL Category checking, etc.) could block request or response before AV, then performance of your system will be better.

Regarding probability - Streaming Detector filter uses set of heuristics to to calculate probabilty that current response is stream. Different streams are detected slightly differently, but usually detection is in the range 70-100%. Streaming detector implements boolean property with values true/false, so you need to specify configuration to the filter that will setup "minimal probability" so if calculated value of probability is higher than this value, then filter will return "true", and will return "false" otherwise.

Highlighted

Re: Enbedded Flash Player Videos Issues

Jump to solution

Upgraded to 7.1.6 and replaced the Anti-Malware Rule Set now the example works. 

View solution in original post

alexott
Level 11
Report Inappropriate Content
Message 15 of 20

Re: Enbedded Flash Player Videos Issues

Jump to solution

That's fine! Thank you for sharing this information. If you'll find some URL that doesn't work once again, please report it to us - we'll try to find what's happening

asabban2
Level 17
Report Inappropriate Content
Message 16 of 20

Re: Enbedded Flash Player Videos Issues

Jump to solution

Thants great. Do you mind setting the thread to "answered"?

Thank you,

Andre

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 17 of 20

Re: Enbedded Flash Player Videos Issues

Jump to solution

Hi all,

yes, Streaming Detector ist a real cool thing and works fine. 🙂

In some cases some streams are also not working because there is a problem with chunked encoding. Just add a rule where you can add a workaround as an event.  There you can define the workaround when a player does not support chunked encoding.

Best,

Thorsten

Nachricht geändert durch Troja on 14.03.12 09:22:50 MEZ
stifi
Level 7
Report Inappropriate Content
Message 18 of 20

Re: Enbedded Flash Player Videos Issues

Jump to solution

Dear all

It has been a while since this diskussion has been started. I was looking for certain reasons for the appropriate ruleset "Skip on Streaming Media" in the library, however, not found. Was also searching for anything in that direction, also without success. Is StreamingDetector still available in that manner as described before?

Release is 7.3.0.2.

Rgs, Stefan

asabban2
Level 17
Report Inappropriate Content
Message 19 of 20

Re: Enbedded Flash Player Videos Issues

Jump to solution

Hello,

the "Skip on Straming Media" rule set checks some criteria such as category and/or media type to decide whether the transferred file is a stream and therefore should skip the AV engine in order to play. The "Streaming Detector" eliminates the need for such a rule set, since the Streaming Detector uses category, media type + a couple of other parameters to validate if a file is a stream.

So basically in older versions of MWG without Streaming Detector you need some static rules which help with streams, in more recent version the Streaming Detector performs those steps automatically. Easiest thing is to disable the Gateway Antimalware rule set you currently have and import it again from the in-product library. It contains the latest rules to ensure proper stream detection and malware protection.

Best,

Andre

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 20 of 20

Re: Enbedded Flash Player Videos Issues

Jump to solution

Hi Stefan

Streaming Media Detection is Part of the Gateway Antimalware Ruleset and is really working fine for any of my customers.

Cheers, Thorsten

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community