cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Georgiancard
Level 10
Report Inappropriate Content
Message 1 of 11
‎01-15-2020 10:13 PM

warning message in MWG version 8.2.2

Jump to solution

Hi i see this warning message in MWG dashboard: what is the problem exactly i did not find

McAfee Gateway Anti-Malware is disabled due disabled GTI lookups, and the product's security efficacy is reduced. Please review your settings (especially URL filter configuration) and consider enabling GTI lookups or use Gateway Anti-Malware's air-gapped mode available starting in McAfee Web Gateway 7.8.2. Please refer to KB90767 for further details.

0 Kudos
Reply
1 Solution

Accepted Solutions
mkutrieba
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 11
‎01-16-2020 12:55 AM

Re: warning message in MWG version 8.2.2

Jump to solution

Hi,

please move the rule set "Set URL Filter Internal Settings" from "Common Rules" to the top of the rule set as the very first rule set in the policy. Further, make sure that this is enabled in request/response/embedded cycle (cannot see this part in the screenshot).

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

Reply
10 Replies
YashT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 11
‎01-15-2020 10:43 PM

Re: warning message in MWG version 8.2.2

Jump to solution

Hello @Georgiancard ,

This issues can be Caused by (one of the following):

  • The rule set Set URL Filter Internal Settings is missing.
  • You have not enabled the Use online GTI web reputation and categorization services if local rating yields no result option in the configured URL filter.
  • A policy restriction has caused a part of the transaction (RequestResponseEmbedded Cycle) to trigger the GAM without running through Set URL Filter Internal Settings.

Solution

All requests sent to MWG must go through the rule set: Set URL Filter Internal Settings. This process sets an internal flag for GAM to determine what URL Filter setting must be used for internal GAM lookups. These lookups obtain the URL category and reputation for the complete transaction and include the request, response, and embedded object cycle.

You must place this rule set as a top-level rule set in your policy and enable it in all cycles (request, response, embedded object). It is important to place it above all GAM calls and bypass rules that contain the action Stop Cycle.

NOTES:
  • The placement of this rule set has no negative effect on MWG performance.
  • With the improvements made to GAM in 2017, GTI lookups are now more important. They are required to operate effectively and protect your environment.
  • GTI lookups also avoid negative situations such as a high rate of false detections, performance issues or scan failures.

    It is from the KB90767
Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Yash T
0 Kudos
Reply
Georgiancard
Level 10
Report Inappropriate Content
Message 3 of 11
‎01-15-2020 11:22 PM

Re: warning message in MWG version 8.2.2

Jump to solution
The rule set Set URL Filter Internal Settings is missing, how can i add this where can i download it?
0 Kudos
Reply
jacek
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 11
‎01-15-2020 11:32 PM

Re: warning message in MWG version 8.2.2

Jump to solution

It is in most cases in Common Rules rule set.
If it is missing, you can add it from "Rule Set from Library"

 
Reply
Georgiancard
Level 10
Report Inappropriate Content
Message 5 of 11
‎01-16-2020 12:43 AM

Re: warning message in MWG version 8.2.2

Jump to solution
thanks we enabled this rule in the top of the rules and waiting next day, it is appears once every day. In settings "Use online GTI web reputation and categorization" is also enabled
0 Kudos
Reply
jacek
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 11
‎01-15-2020 11:30 PM

Re: warning message in MWG version 8.2.2

Jump to solution

@YashT, I also have exactly the warning in 7.8.2. It appears  about once in 3-4 days (not everyday).

Previously with 7.7.2, there was no such warnings in our env and policy did not changed during upgrade, but I double checked that "Set URL Filter Internal Settings" is enabled for all requests, "Use online GTI web reputation and categorization" is also enabled. All requests/responses reaching GAM, are going through "Set URL Filter Internal Settings".

I'm not sure it will help the Author with 8.2.2, but it does not work for me.

Reply
mkutrieba
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 11
‎01-16-2020 12:20 AM

Re: warning message in MWG version 8.2.2

Jump to solution

Hello together,

short update with explanation for this.

Background: GAM 2017 performs a check whether URL filter internal settings have been set or not. This is done with the single rule in rule set "Set URL Filter Internal Settings". In there, the event uses an URL filter setting where you can enabled/disable GTI lookups.

Solution: Import/move this rule set on top of policy and enable it in all cycles (request, responses, embedded). So it is ensured, that every single request/response runs into this rule set, settings are properly set and then it does not matter what happens with these requests/responses BUT if something is running into GAM scanning, the check which the GAM performs is successful and this error is not thrown any longer. 

Further, it does not matter whether GTI lookups are enabled or disabled but the configuration itself (rule set, settings) must be there and must be correct. Then the check is successful.

This solution is not depending on any version.

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
0 Kudos
Reply
Georgiancard
Level 10
Report Inappropriate Content
Message 8 of 11
‎01-16-2020 12:51 AM

Re: warning message in MWG version 8.2.2

Jump to solution

hi, is this correct?

0 Kudos
Reply
mkutrieba
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 11
‎01-16-2020 12:55 AM

Re: warning message in MWG version 8.2.2

Jump to solution

Hi,

please move the rule set "Set URL Filter Internal Settings" from "Common Rules" to the top of the rule set as the very first rule set in the policy. Further, make sure that this is enabled in request/response/embedded cycle (cannot see this part in the screenshot).

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

Reply
Georgiancard
Level 10
Report Inappropriate Content
Message 10 of 11
‎01-16-2020 01:41 AM

Re: warning message in MWG version 8.2.2

Jump to solution
ok we moved it up top of the rule set and will wait next day. thanks
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC