7.1.6 has an awesome new feature called "streaming detection"; this helps in situations such as these.
Check out my article on the changes from version to version (specifically 7.1.5 to 7.1.6):
This shows you the new rules which are default in 7.1.6 which use streaming detection.
Alternatively, you could attempt to whitelist the site (antimalware whitelist); the Flash video comes from the following URL:
This is categorized as Internet Services, and under the default rules for anything lower than 7.1.6 would not be treated as a possible stream.
I had a similar issue with sites that embed Media Player. I heard that it's a known issue, as the Media Player user agent is unable to perform integrated authentication, hence I created a new rule just above the authentication rule to bypass authentication for the Media Player user agent.
Please let me know if you guys came across any other feasible solution.
I upgraded my test server to 7.1.6 but I don't see this new feature called Streaming Detection.
Please look at the "Media Type Filtering" and "Gateway Antimalware" rulesets in the Rule Library. In the "Gateway Antimalware" ruleset, there is a new rule called "Skip on Streaming Media" - it calls the Streaming Detector filter and skips the AV check if it detects that streaming video/audio is going through MWG.
Alternatively, you can create a similar rule yourself (but I recommend replacing the "Media Type Filtering" and "Gateway Antimalware" rulesets with the versions from the Rule Library). You need to create a new configuration for the Streaming Detector filter (in the Settings tab) and select the probability level for detection (60 or 70 percent is usually enough). After that, you need to create a rule (it should be executed only in the Response cycle) with the condition "StreamDetector.IsMediaStream (your configuration) equals true" and the action "Stop cycle" - this will stop data processing if MWG detects streaming media. (Please also note that it's better to use 184.108.40.206, which has improvements in coordinated work between the Streaming Detector and Media Type filters, in addition to many bug fixes.)
P.S. I just checked your link, and the video was detected as streaming media, with probability 70%.
Message was edited by: alexott - note on response cycle was added on 12/03/12 08:56:40 CET
I am not seeing anything new. My version is 220.127.116.11.0 (12651). I see nothing like "Skip on Streaming Media". My Gateway Antimalware ruleset has not changed. When I add a new Gateway Antimalware ruleset, it is the same as the current one installed.
You have an older version - Jon and I were talking about version 7.1.6/18.104.22.168, while yours is 22.214.171.124...
I see that now. I am guessing that to upgrade to 7.1.6 you can't use the upgrade appliance software function. I have tried it and it tells me there are no updates available.
7.1.5/7.1.6 are so-called "controlled releases" - you need to perform special steps to install them. See the upgrade instructions in the release notes in McAfee's Knowledge Base.
But I would recommend that you consult with support before doing this. I hope that somebody will participate in this thread.
Alex is right about the controlled release. Basically, an upgrade from the main 7.1.0 branch to the controlled release should work without any problems. In our statistics we see that more than 40% of all MWG 7.x installations are running on the controlled release. It is stable and fully supported and will supersede 7.1.0 in the future. Nevertheless, it contains a lot of new features, and you should test the upgrade and schedule a maintenance window, since downtimes may be possible.
If you would like to have a "generic" approach to detecting streams, an upgrade is the only way to get access to the streaming detector. It is not available in the version you are currently using. If you are only interested in getting this particular video through, I would recommend adding an entry to the whitelist, which should let the video pass MWG without being interrupted and will make it available for your users.
Maybe this is suitable as a short-term solution and acceptable until you have migrated to a version which allows streaming detection.