jround
Level 9
Message 1 of 2

No active AV scanner for streaming in at least one rule!

Recently MWG is showing a red alert for the following error on a daily basis:

"No active AV scanner for streaming in at least one rule! (McAfee Gateway Anti-Malware has been disabled for at least one configuration and/or rule, either directly, or indirectly by missing or contradictory settings.) (Origin: McAfee Gateway Anti-Malware, ID: 862)"

I was messing about with a couple of streaming rules the other week to try and troubleshoot something else but thought I had reverted the changes and now I can't find out a way to resolve and clear this error 😞

1 Reply
McAfee Employee aloksard
Message 2 of 2

Re: No active AV scanner for streaming in at least one rule!

Hi, 

Hope you are doing well.

Below are a few messages seen on the MWG dashboard in recent MWG versions:

Errors:

“No active AV scanner for streaming in at least one rule! (McAfee Gateway Anti-Malware has been disabled for at least one configuration and/or rule, either directly, or indirectly by missing or contradictory settings.)”

“No active antivirus scanner in at least one rule! (All of McAfee Antivirus, McAfee Gateway Anti-Malware, and Avira have been disabled for at least one configuration and/or rule, either directly, or indirectly by missing or contradictory settings.)”

 

Warnings:

“McAfee Gateway Anti-Malware disabled in at least one rule because GTI cloud lookups are not available (GTI cloud lookups not enabled via URL filter configuration)”

“McAfee Gateway Anti-Malware disabled in at least one rule because GTI cloud lookups are not available (missing ‘Provide GTI to GAM’ setting in antivirus configuration).”

 

The red errors cannot/should not come up without a yellow warning indicating a mis-configuration before.

Further, there is a 24-hour counter until the next message can be displayed in the dashboard to avoid flooding. For instant testing, a restart of the appliance or restart of the mwg services would be necessary since this will reset the counter.

 

Dependencies:

Yellow warning: “McAfee Gateway Anti-Malware disabled in at least one rule because GTI cloud lookups are not available (missing ‘Provide GTI to GAM’ setting in antivirus configuration).”

Comes up if:

- the following option is disabled in the antimalware setting:

“Provide GTI web and file reputation queries to McAfee Gateway Anti-Malware”

 

Yellow warning: “McAfee Gateway Anti-Malware disabled in at least one rule because GTI cloud lookups are not available (GTI cloud lookups not enabled via URL filter configuration)”

Comes up if either:

- rule set “Set URL Filter Internal Settings” is completely missing or

- the URL filter setting used does not have the following option enabled:

“Use online GTI web reputation and categorization services if local rating yields no result”

- if a policy restriction can lead to a behavior where a part of the transaction (request, response, embedded cycle) triggered the GAM (property “Antimalware.Infected”) and no URL Filter Internal Settings was triggered before (internal flag is not set)

(example 1: one GAM call is done on top of policy in a special rule set with “Stop Cycle” afterwards

example 2: a request is bypassed somewhere on top of the policy with a “Stop Cycle” (no URL Filter Internal Settings has been triggered = no flag is set for the transaction) but the response is not bypassed but somewhere scanned below (=GAM is triggered without the internal flag)).

 

The red error: “No active AV scanner for streaming in at least one rule! (McAfee Gateway Anti-Malware has been disabled for at least one configuration and/or rule, either directly, or indirectly by missing or contradictory settings.)”

Comes up if:

- option “Enabled Mobile Code Scanning” is disabled in the GAM setting that was called

- one of the yellow warnings did occur before

 

The red error: “McAfee Gateway Anti-Malware disabled in at least one rule because GTI cloud lookups are not available (missing ‘Provide GTI to GAM’ setting in antivirus configuration).”

Comes up if:

- no scanning at all is available (I think that this message should never occur)

 

As mentioned above, every single request must hit the URL Filter Internal Settings somehow to set the internal flag. Therefore, the recommendation is to move this rule set on top of the policy.

 

Regards

Alok Sarda
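
The ordering dependency described in the reply above can be checked with a small model. This is an added example, not part of the original reply and not MWG's rule engine: the `RuleSet` fields, the rule set names other than “Set URL Filter Internal Settings”, the host names, and the assumption that the flag rule set runs only in the request cycle are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RuleSet:
    name: str
    cycles: tuple              # cycles in which the rule set is evaluated
    hosts: tuple = ()          # empty tuple = applies to every host
    sets_flag: bool = False    # stands in for "Set URL Filter Internal Settings"
    calls_gam: bool = False    # evaluates the Antimalware.Infected property
    stop_cycle: bool = False   # "Stop Cycle": skip the rest of the current cycle

def gam_without_flag(policy, host, cycles=("request", "response")):
    """Return (cycle, rule set) pairs where GAM is called before the flag is set."""
    flag = False               # internal flag, kept for the whole transaction
    findings = []
    for cycle in cycles:
        for rs in policy:      # rule sets are evaluated top to bottom
            if cycle not in rs.cycles or (rs.hosts and host not in rs.hosts):
                continue
            if rs.sets_flag:
                flag = True
            if rs.calls_gam and not flag:
                findings.append((cycle, rs.name))
            if rs.stop_cycle:
                break
    return findings

# Constructed rule sets (names and hosts are placeholders, not from a real policy)
URL_FLAG = RuleSet("Set URL Filter Internal Settings", ("request",), sets_flag=True)
GAM = RuleSet("Gateway Anti-Malware", ("request", "response"), calls_gam=True)
BYPASS = RuleSet("Request bypass", ("request",),
                 hosts=("updates.example.test",), stop_cycle=True)
EARLY = RuleSet("Early scan", ("request",), calls_gam=True, stop_cycle=True)

EXAMPLE_1 = [EARLY, URL_FLAG, GAM]     # GAM call on top, then Stop Cycle
EXAMPLE_2 = [BYPASS, URL_FLAG, GAM]    # request bypassed, response scanned
RECOMMENDED = [URL_FLAG, BYPASS, GAM]  # flag rule set moved to the top

if __name__ == "__main__":
    for label, policy, host in (("example 1", EXAMPLE_1, "www.example.test"),
                                ("example 2", EXAMPLE_2, "updates.example.test"),
                                ("recommended", RECOMMENDED, "updates.example.test")):
        print(label, gam_without_flag(policy, host))
```

An empty result means every GAM call in the transaction ran after the flag rule set, which is the state the recommended ordering produces.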

 
