4 Replies Latest reply on Aug 21, 2013 8:42 AM by pierce

    MOVE multi platform 2.6.2 - keep ending up with 'disabled' protection

    pierce

      Hey,

       

      Any one else experincing issues with the move av multiple platform 2.6.2 where every few days some machines report that protection is disabled?

       

      A quick uninstalled and then re-install seems to resolve the issue but wondering if its something we are doing to the enviornment that could be causing this or a potential issue with MOVE-AV.

       

      thanks,

      Pierce

        • 1. Re: MOVE multi platform 2.6.2 - keep ending up with 'disabled' protection
          a.vogel

          Hello,

           

          i have a disable enable loop on all devices.

          Here is an example:

           

          12.08.13 12:11:30 34262 Protection Enabled.

          12.08.13 12:10:50 34263 Protection Disabled.

          12.08.13 12:09:50 34262 Protection Enabled.

          12.08.13 12:09:10 34263 Protection Disabled.

          12.08.13 12:08:10 34262 Protection Enabled.

          12.08.13 12:07:30 34263 Protection Disabled.

           

          Re-install the MOVE 2.6.2 helps on any systems, but not on all.

           

          Greetings

          1 of 1 people found this helpful
          • 2. Re: MOVE multi platform 2.6.2 - keep ending up with 'disabled' protection
            pierce

            Looking into this with support now, one of our offload scanners seems messed up. might be unrelated/might be the issue. will let you know.

             

            If you remote into your offload scanner and type 'mvadm stats' one of our boxes showed 0 idle threats and a few requests in the queue, but box was sitting there idling.

            backup box had 200+ idle threads and was doing 100MBps across the networking so being fully used!

            • 3. Re: MOVE multi platform 2.6.2 - keep ending up with 'disabled' protection
              pierce

              So seems to be that one of our offload scanners goes into a wierd shutdown status, a reboot solves but this appears to be what is causing the endpoints to go into the disabled state.

               

              If your type 'mvadm stats' on offload scanner you get

              'Exiting. error 1048 [Peer has shutdown the connection]'

               

              If you type 'mvadm status' on the endpoint with the disabled protection you get:

              'Scan Configuration: enabled

              Driver Status: Driver is loaded

              Primary Server:  primary01.domain.com:9053 [Not Configured]

              Secondary Server:  secondary02.domain.com:9053 [Not Configured]

               

              Protection Status: Disabled'

               

              However the other 100 machines in our environment are happy reporting to the secondary server without issue and it reports it has idle threads available to take on more work if needed.

               

              Still working with mcafee support, so far having fun with email tag and providing MER's that dont have enough information....

               

              Message was edited by: pierce on 8/19/13 4:42:10 AM CDT
              1 of 1 people found this helpful
              • 4. Re: MOVE multi platform 2.6.2 - keep ending up with 'disabled' protection
                pierce

                So our policy pointed to the offload scanners by FQDN (offloadscanner01.domain.com) changing this to IP and doing a force update resolved all our agents, they now all report as active and enabled protection.

                 

                Waiting to see if this resolves the offload scanner itself going down but so far looks promising.