24 Replies Latest reply on May 18, 2017 9:01 AM by galcan

    Gateway Anti Malware

    hazwan


      Hi All,

       

      I'm having a problem with Gateway Anti-Malware updating its malware definitions. NSM is already configured with DNS, and one of the IPS inside the domain has already updated its malware definitions to the latest update, but one of our IPS fails to update with an error. However, the failed IPS can update the callback detector to the latest. I tried to check within the IPS with the command show gam engine stats, but it shows engine status: uninitialized. Does anyone know how to troubleshoot GAM, or do I need to do any configuration to enable GAM?

       

       

      Thank You.

       

      Regards,

      Hazwan

        • 1. Re: Gateway Anti Malware
          peter.mason

          Hi Hazwan,

           

          What is the error you are receiving when updating GAM for this sensor?

           

          What is the model and software version of the sensor?

           

          Are you manually updating or using automatic updates?

           

          Peter

          • 2. Re: Gateway Anti Malware
            hazwan

            Hi Peter,

             

            Above is the error I received. The IPS model is 7300 and the software version is 8.2.5.100. I'm using automatic updates.

             

            Regards,

            Hazwan

            • 3. Re: Gateway Anti Malware
              peter.mason

              Hi Hazwan,

               

              Are you seeing any errors in the EMS.log for this failure?

               

              It could just be a communication failure with the update site. NSP uses different update sites for the different downloads (software / sigsets / bot / etc) so you may be blocking the communication.

               

              You can also just manually download the software update here

               

              https://contentsecurity.mcafee.com/update

               

              And import it to the manager under Manage > Updating > Manual Import

               

              You should then be able to deploy it to your sensor.

               

              Peter

              • 4. Re: Gateway Anti Malware
                hazwan

                Hi Peter,

                 

                Which line, containing what string, should I look at in EMS.log?

                I also think the customer's DNS blocks the Gateway Anti-Malware update site. Do you know the site link, or which domain/site I should advise the customer to allow for GAM updates? Automatic updates would help much more, as I wouldn't need to go onsite each time to update GAM. Your kind help is much appreciated.

                 

                Regards,

                Hazwan

                • 5. Re: Re: Gateway Anti Malware
                  peter.mason

                  Hi Hazwan,

                   

                  This is what I see in my ems.log file for an N series sensor trying to update GAM when the manager does not have access to the internet.

                   

                  2015-09-18 04:52:35,600 ERROR [http-bio-0.0.0.0-443-exec-148] iv.common.HttpClient.ApachePOSTImpl - doPOST:Error while doing the http get function for the url https://tau.mcafee.com/cgi-bin/update.pl the error is java.net.ConnectException: Connection timed out: connect

                  2015-09-18 04:52:35,600 ERROR [http-bio-0.0.0.0-443-exec-148] com.intruvert.ui.sensor.data.GAMVersion - com.intruvert.ruleEngine.utils.gam.GamDatException: Internal Server Error

                   

                  If they are using manager version 8.2.7.46 or higher they should have the option under Manage > Troubleshooting > System Log to view the tail of the EMS log, then if you turn GAM updating off and back on for the problem sensor they can see what errors are generated.

                   

                  If not they will have to look in the log files for errors that match the time stamp on the error the manager is generating.

                   

                  If the sensor is outside the domain and there is a firewall between it and the manager, you may just need to open additional ports for communication. Look at the requirements in the Manager Installation guide to find out what ports need to be open for communication.

                   

                  Regards

                   

                  Peter
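
The check described in the post above (find the ERROR lines in ems.log that fall near the time of the manager's fault and see which update URL could not be reached), as an added example that is not part of the original post or of the product. The first two sample lines are the ones quoted in the post; the other two, the `NETWORK_EXC` set and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Layout of the ems.log lines quoted in the post above:
# "<date> <time>,<ms> <LEVEL> [<thread>] <logger> - <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),(?P<ms>\d{3}) "
                     r"(?P<level>[A-Z]+) +\[(?P<thread>[^\]]+)\] (?P<logger>\S+) - (?P<msg>.*)$")
URL_RE = re.compile(r"https?://\S+")
EXC_RE = re.compile(r"\b((?:[a-z_]\w*\.)+[A-Z]\w*(?:Exception|Error))\b:? ?(.*)")
# java.net exceptions that mean the manager never reached the update server
NETWORK_EXC = {"java.net.ConnectException", "java.net.UnknownHostException",
               "java.net.SocketTimeoutException"}

# Lines 1-2 are from the post; lines 3-4 are constructed sample data.
SAMPLE = """\
2015-09-18 04:52:35,600 ERROR [http-bio-0.0.0.0-443-exec-148] iv.common.HttpClient.ApachePOSTImpl - doPOST:Error while doing the http get function for the url https://tau.mcafee.com/cgi-bin/update.pl the error is java.net.ConnectException: Connection timed out: connect
2015-09-18 04:52:35,600 ERROR [http-bio-0.0.0.0-443-exec-148] com.intruvert.ui.sensor.data.GAMVersion - com.intruvert.ruleEngine.utils.gam.GamDatException: Internal Server Error
2015-09-18 04:52:34,100 INFO [sample-thread-1] sample.constructed.Logger - constructed informational line
2015-09-18 05:10:02,114 ERROR [sample-thread-2] iv.common.HttpClient.ApachePOSTImpl - doPOST:Error while doing the http get function for the url https://updates.example.invalid/gam the error is java.net.UnknownHostException: updates.example.invalid
"""

def parse_errors(text):
    """Return one dict per ERROR line: time, logger, url, exception class, detail."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["level"] != "ERROR":
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S") + timedelta(milliseconds=int(m["ms"]))
        url, exc = URL_RE.search(m["msg"]), EXC_RE.search(m["msg"])
        events.append({"time": ts, "logger": m["logger"],
                       "url": url.group(0) if url else None,
                       "exception": exc.group(1) if exc else None,
                       "detail": exc.group(2) if exc else m["msg"]})
    return events

def errors_near(events, when, window_s=60):
    """Errors within window_s seconds of the time shown on the manager's fault."""
    return [e for e in events if abs((e["time"] - when).total_seconds()) <= window_s]

def unreachable_hosts(events):
    """Map each update host that failed at the network layer to the exception seen."""
    return {urlparse(e["url"]).hostname: e["exception"]
            for e in events if e["url"] and e["exception"] in NETWORK_EXC}
```

A `ConnectException` points at a blocked or filtered path to the host, while an `UnknownHostException` points at name resolution on the manager.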

                  • 6. Re: Gateway Anti Malware
                    peter.mason

                    Hi Hazwan,

                     

                    Were you able to get the sensor to update?

                     

                    Peter

                    • 7. Re: Gateway Anti Malware
                      hazwan

                      Hi Peter,

                       

                      Yes, I'm able to update the sensor manually, but that is not what we want to achieve. Actually, when we try to update automatically using Google public DNS 8.8.8.8, it is not successful. I filtered the connection: the request has been sent to Google DNS, but there is no reply traffic to the request.

                       

                      For our IPS in the other domain, automatic updates using the local disaster recovery domain work with no problem. I can see the response traffic from the McAfee IP over an HTTPS connection.

                       

                      I'm thinking the connection has been blocked by Google DNS. So weird...

                       

                      Thank You.

                       

                      Regards,

                      Hazwan

                      • 8. Re: Gateway Anti Malware
                        jvdavis456

                        All,

                        I am having a similar problem with NTBA T-VM. All sensor software, sigset and engine software is up to date, but I'm getting a DNS error whenever GAM tries to auto-update. DNS requests to tau.mcafee.com are seen going through the firewall. We tried updating manually and it didn't take...then I read the note on that page in the NSM that manual updating GAM does not work for NTBA. I was hoping someone may have found a fix for this by now. If you know of one, please respond.

                        • 9. Re: Gateway Anti Malware
                          Moe Hassan

                          Yup, manual updating for NTBA would be nice. I'm getting some DNS errors for auto download. There are a lot of environments where DNS and firewall are not optimized. So manual update is the only option.
