Recently MWG has been showing a red alert for the following error on a daily basis:
"No active AV scanner for streaming in at least one rule! (McAfee Gateway Anti-Malware has been disabled for at least one configuration and/or rule, either directly, or indirectly by missing or contradictory settings.) (Origin: McAfee Gateway Anti-Malware, ID: 862)"
I was messing about with a couple of streaming rules the other week to try and troubleshoot something else, but thought I had reverted the changes, and now I can't find a way to resolve and clear this error 😞
Hi,
Hope you are doing well.
Below are a few messages seen on the MWG dashboard in recent MWG versions:
Errors:
“No active AV scanner for streaming in at least one rule! (McAfee Gateway Anti-Malware has been disabled for at least one configuration and/or rule, either directly, or indirectly by missing or contradictory settings.)”
“No active antivirus scanner in at least one rule! (All of McAfee Antivirus, McAfee Gateway Anti-Malware, and Avira have been disabled for at least one configuration and/or rule, either directly, or indirectly by missing or contradictory settings.)”
Warnings:
“McAfee Gateway Anti-Malware disabled in at least one rule because GTI cloud lookups are not available (GTI cloud lookups not enabled via URL filter configuration)”
“McAfee Gateway Anti-Malware disabled in at least one rule because GTI cloud lookups are not available (missing ‘Provide GTI to GAM’ setting in antivirus configuration).”
The red errors cannot/should not come up without a yellow warning indicating a mis-configuration before.
Further, there is a 24-hour counter until the next message can be displayed in the dashboard to avoid flooding. For instant testing, a restart of the appliance or restart of the mwg services would be necessary since this will reset the counter.
Dependencies:
Yellow warning: “McAfee Gateway Anti-Malware disabled in at least one rule because GTI cloud lookups are not available (missing ‘Provide GTI to GAM’ setting in antivirus configuration).”
Comes up if:
- the following option is disabled in the antimalware setting:
“Provide GTI web and file reputation queries to McAfee Gateway Anti-Malware”
Yellow warning: “McAfee Gateway Anti-Malware disabled in at least one rule because GTI cloud lookups are not available (GTI cloud lookups not enabled via URL filter configuration)”
Comes up if either:
- rule set “Set URL Filter Internal Settings” is completely missing, or
- the URL filter setting in use does not have the following option enabled:
“Use online GTI web reputation and categorization services if local rating yields no result”
- a policy restriction can lead to a behavior where a part of the transaction (request, response, embedded cycle) triggered the GAM (property “Antimalware.Infected”) and no URL Filter Internal Settings was triggered before (internal flag is not set)
(example 1: one GAM call is done on top of the policy in a special rule set with “Stop Cycle” afterwards;
example 2: a request is bypassed somewhere on top of the policy with a “Stop Cycle” (no URL Filter Internal Settings has been triggered = no flag is set for the transaction), but the response is not bypassed and is scanned somewhere below (= GAM is triggered without the internal flag)).
The red error: “No active AV scanner for streaming in at least one rule! (McAfee Gateway Anti-Malware has been disabled for at least one configuration and/or rule, either directly, or indirectly by missing or contradictory settings.)”
Comes up if:
- option “Enabled Mobile Code Scanning” is disabled in the GAM setting that was called
- one of the yellow warnings did occur before
The red error: “McAfee Gateway Anti-Malware disabled in at least one rule because GTI cloud lookups are not available (missing ‘Provide GTI to GAM’ setting in antivirus configuration).”
Comes up if:
- no scanning at all is available (I think that this message should never occur)
As mentioned above, every single request must hit the URL Filter Internal Settings somehow to set the internal flag. Therefore, the recommendation is to move this rule set on top of the policy.
Regards
Alok Sarda
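
The flag dependency described in the answer above, as an added example that is not part of the original post or the product's own code: a simplified Python model that walks a transaction through an ordered policy and reports where GAM would run before “Set URL Filter Internal Settings” was hit. The `RuleSet` fields, the other rule set names, and the assumption that the flag carries over from the request cycle to the response cycle are illustrative assumptions.

```python
from dataclasses import dataclass

@dataclass
class RuleSet:                    # hypothetical, simplified view of one rule set
    name: str
    cycles: tuple                 # cycles the rule set applies to
    sets_flag: bool = False       # stands in for "Set URL Filter Internal Settings"
    calls_gam: bool = False       # evaluates the Antimalware.Infected property
    stop_cycle: bool = False      # "Stop Cycle": ends the current cycle here
    only_bypassed: bool = False   # matches only bypassed (allow-listed) traffic

def gam_calls_without_flag(policy, bypassed):
    """Walk one transaction; list (cycle, rule set) where GAM runs unflagged."""
    flag, findings = False, []
    for cycle in ("request", "response"):
        for rs in policy:
            if cycle not in rs.cycles or (rs.only_bypassed and not bypassed):
                continue
            if rs.sets_flag:
                flag = True       # assumed to persist for the whole transaction
            if rs.calls_gam and not flag:
                findings.append((cycle, rs.name))
            if rs.stop_cycle:
                break             # rest of this cycle is skipped
    return findings

def audit(policy):
    """Check both a bypassed and a normal transaction against the policy."""
    hits = gam_calls_without_flag(policy, True) + gam_calls_without_flag(policy, False)
    return sorted(set(hits))

# Constructed sample policies mirroring the two examples in the answer.
URL_FILTER = RuleSet("Set URL Filter Internal Settings", ("request",), sets_flag=True)
GAM = RuleSet("Gateway Anti-Malware", ("request", "response"), calls_gam=True)
WHITELIST = RuleSet("Global Whitelist", ("request",), stop_cycle=True, only_bypassed=True)
EARLY_SCAN = RuleSet("Early AV Scan", ("request",), calls_gam=True, stop_cycle=True)

EXAMPLE_1 = [EARLY_SCAN, URL_FILTER, GAM]   # GAM call on top, then Stop Cycle
EXAMPLE_2 = [WHITELIST, URL_FILTER, GAM]    # request bypassed, response scanned
FIXED = [URL_FILTER, WHITELIST, GAM]        # rule set moved on top of the policy

if __name__ == "__main__":
    for label, policy in (("example 1", EXAMPLE_1), ("example 2", EXAMPLE_2), ("fixed", FIXED)):
        print(label, audit(policy))
```
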