I've just upgraded my test cluster to 7.7.2.14 and I'm seeing the following error message for the first time - "Mcafee gateway anti-malware disabled in at least one rule because GTI cloud lookups are not available. (GTI cloud lookups not enabled via URL filter configuration)"
There have been no policy changes so I have to assume it's something to do with the upgrade but I can't find where anti-malware may have been disabled.
Has anyone got any suggestions as to how I can further investigate this warning?
Many thanks
Cherry
Solved! Go to Solution.
Hi,
these messages are introduced with 7.7.2.14 and are indicating possible misconfigurations.
The message you are facing can be the reason for the following:
-rule set "Set URL Filter Internal Settings" is missing (normally placed under "Common Rules"
-the URL filter setting that is used in this rule set has the option "Use online web reputation and categorization...." disabled
-you have placed another GAM scanning rule somewhere above in the rule set that COULD be triggered before the "Set URL Filter Internal Settings" rule set could be triggered. In this case MWG would think "oh this rule set is missing" and dashboard alert is created
If the policy seems to be okay I would recommend to open a Service Request and PM me the SR number. Then I can double-check your policy.
Please let me know if you have further questions.
Maybe you also noticed 1,2 other dashboard messages similar to this, then I would be happy to explain you this.
Regards,
Marcel
Hi,
these messages are introduced with 7.7.2.14 and are indicating possible misconfigurations.
The message you are facing can be the reason for the following:
-rule set "Set URL Filter Internal Settings" is missing (normally placed under "Common Rules"
-the URL filter setting that is used in this rule set has the option "Use online web reputation and categorization...." disabled
-you have placed another GAM scanning rule somewhere above in the rule set that COULD be triggered before the "Set URL Filter Internal Settings" rule set could be triggered. In this case MWG would think "oh this rule set is missing" and dashboard alert is created
If the policy seems to be okay I would recommend to open a Service Request and PM me the SR number. Then I can double-check your policy.
Please let me know if you have further questions.
Maybe you also noticed 1,2 other dashboard messages similar to this, then I would be happy to explain you this.
Regards,
Marcel
We're experiencing the same issue- GTI lookups was disabled in the URL filter for internal settings.. Enabling the setting did'nt remove the alerts however..
Another alert which also began with the update was "No active AD scanner for streaming in at least one rule".. i assume the 2 errors are related to the GAM update.. We don't have any rules referring to gateway Anti-malware above the URL filter for internal settings..
Mine was an easy one - I was missing the the ruleset suggested above by Marcel. ("Set URL Filter Internal Settings" normally placed under "Common Rules"). I already had a "Default" URL filter setting and the relvelant options were ticked.
Since adding the ruleset on Friday I've not seen any errors more errors
Hi,
I would suggest to open a SR and attach a feedback file and PM me the SR number like I did for Cherry.
Then I will have a look for possible causes and come back to you via SR.
Regards,
Marcel
Hi Carsten,
Hope you are doing well.
Request you to move your set URL internal filter settings rule to the top of your existing policy/rule sets and monitor .
Regards
Alok Sarda