Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at https://www.mcafee.com/enterprise/en-us/downloads/my-products.html.
Reference Number
Related Article
Found in MWG Version
Resolved in MWG Version
Issue Description
1265798
7.8.2.6
7.8.2.6.1
7.8.2.7
Issue: You see a kernel panic when you reboot MWG.MWG stops during the reboot and displays Kernel Offset/Kernel Panic errors on the screen. Workaround: Reboot MWG again.
Issue: Unable to log on to MWG manager (UI). Solution: See the related article.
1258067
7.8.2.3
7.8.2.4.1
7.8.2.5
Issue: The Stream scanner does not work when you disable GTI.
Cause: Air-gapped mode for streaming fails as the Enable Media Stream Scanner event does not have any parameters. The required antivirus configuration can't be provided when you enable the stream scanner. As a consequence, AV filtering does not receive configuration information in the streaming connections and uses a default config instead. In a default config, air-gapped is not enabled.
Workaround: Install the hotfix and change the Start Media Stream Scanner on Streaming Media and Skip Anti-Malware Scanning default rule in your existing Policy in the Gateway Anti-Malware rule set.
You must change the Event in this rule set from Enable Media Stream Scanner to Enable Media Stream Scanner <Gateway Anti-Malware>.
In the settings of this new parameter <Gateway Anti-Malware>, select Allow local-only lookups in air-gapped environment (not recommended) and save your changes.
NOTE: This setting and the MWG version can't be synchronized to versions earlier than 7.8.2.4.1 and 7.8.2.5. Ensure that all cluster members are updated before you enable this option in a cluster.
1248650
7.8.2
Issue: After you upgrade to version 7.8.2, the iptables and ip6tables services fail to automatically start.
Workaround: To get WCCP, Network Protection, or L2 transparent mode working again:
Open a command-line session.
Manually start the services:
Typesystemctl start iptablesand press Enter.
Type systemctl start ip6tables and press Enter.
Enable the autostart of the services for the next reboot:
Type systemctl enable iptables and press Enter.
Type systemctl enable ip6tables and press Enter.
NOTE: The mfend modes are not affected. Only the transparent modes that are selected under Configuration, Appliances, Proxies, Proxy (optional WCCP) are affected.
1248142
7.8.2
Issue: When you update to 7.8.2, the manager (UI) is no longer available. Only a reimage brings the system back online.
Cause: Conditional DNS is enabled.
Workaround: Before you upgrade, click Configuration, Domain Name Service, and deselect Enable Conditional DNS.
After the upgrade, you can re-enable Conditional DNS and your settings will still be present.
1242790
Issue: The AWS platform is not yet supported.
1240507
Issue: MLOS3: Ibr0 interface is deleted after you remove the configuration.
1236428
Issue: You see error messages logged in /var/log/message that start with: SEVERE: …
1235547
Issue: MLOS3: Unable to bring up deployment mode.
You can configure MWG only in deployment mode (Router, Proxy Ha, or Bridge) using separate steps, and saving your changes between them. If you configure network interface and deployment modes together, it causes issues.
Solution: Manage the configuration in two steps:
Configure network interfaces and save changes.
Configure the deployment mode and save changes.
1216175
7.8.0.2 and earlier
7.8.0.3
Issue: When MWG worked with Advanced Threat Defense to provide more scanning for antimalware filtering, problems with connecting to Data Exchange Layer (DXL) caused the core process to fail and exit with term signal 11. Solution: MWG 7.7.2.8 no longer establishes multiple connections to ePolicy Orchestrator (ePO) when you click "Rejoining ePO for DXL communication" in ePO settings. Instead, it cancels the existing connection and creates a new connection. This rejoining process can lead to rule engine errors when no DXL connection is available.
1221523
7.8.0.2 and earlier
7.8.0.3
Issue: CVE-2017-1000405: A flaw was found in the updates used to fix the 'dirty cow' vulnerability. An attacker, able to run local code, can exploit a race condition in transparent huge pages to change pages that are usually read only. Solution: MWG 7.7.2.8 upgrades the installed kernel version.
Reference Number
Related Article
Found in MWG Version
Resolved in MWG Version
Issue Description
WP-3305
7.8
Issue: You intermittently see an antimalware engine update error: [AV] [UpdateFailed2] Error updating the Antivirus engine. Reason: 'Error starting engine 'McAfee Gateway Anti-Malware', error code: 5'."
You also see that service restarts take upwards of 40 minutes rather than the expected 5.
1260754
7.8
7.8.2.5
Issue: When you import a rule set containing custom certificates, you see the error:
java.lang.NullPointerException
The import then fails because custom certificates are automatically removed during the initial export.
1256688
7.8.2.2
Issue: Spanport Automation stops receiving information from the ICAP server. You can't view log entries in access.log on the spanport proxy.
1252845
7.8.2
7.8.2.2
Issue: A change of the root password for a Web Gateway appliance on the user interface could not be completed correctly. There was a problem with processing arrays of strings. A new password is set, but it is different from the entered one.
1255422
7.8.2
Issue: Hardware Security Module (HSM) keys, which require no interaction such as when you enter a password, are not loaded automatically during the start or upgrade process of MWG.
Solution: You must perform this process manually from the command line.
Perform the reboot.
Open a command-line session on the appliance.
Type/opt/mwg/bin/hsmagent -cand press Enter.
1232902
7.8.1.3
Issue: During the installation, you see the following message: "WARNING: /lib/modules/3.18.93-10.1.mlos2.mwg.x86_64/kernel/fs/vmhgfs/vmhgfs.ko needs unknown symbol mcount". On VMware platforms, you also see a warning from the Init script during boot. Solution: The filesystem driver, vmhgfs module, is used for the shared folder feature. The rest of the software provided by VMware tools is designed to work independently of this feature. It is safe to ignore this warning.
1209458
7.8
Issue: When you import the ruleset Mobile Security for Inbound Traffic, the import fails and displays the error:
Reading Rule Set(s) from File failed:
null
Error while fixing library content
Workaround: This issue is intermittent; try the import again until successful.
1209459
7.8
Issue: When you import the ruleset Single Sign On, the import fails and displays the error:
Reading Rule Set(s) from File failed:
null
Error while fixing library content
Workaround: This issue is intermittent; try the import again until successful.
1210410
7.8
Issue: When multiple customers configure the same list of ICAP servers in Web Hybrid ruleset, those customers might notice ICAP communication failures. This issue occurs only when multiple customers use a common on-Cloud DLP server.
1212521
7.8
Issue: During yum upgrade you see the following error message on the console:
# executing /sbin/sysctl -q -p
error: "fs.protected_hardlinks" is an unknown key
error: "fs.protected_symlinks" is an unknown key
# failed to run script /sbin/sysctl -q -p: executing /sbin/sysctl -q -p failed
Workaround: This error is cosmetic. It is safe to ignore this error.
1212522
7.8
Issue: During yum upgrade, you see the following error message on the console:
# executing /etc/init.d/cgconfig restart
Stopping cgconfig service: Error: cannot open /proc/cgroups: No such file or directory
cgclear failed with No such file or directory
[ OK ]
Starting cgconfig service: /sbin/cgconfigparser; error loading /etc/cgconfig.conf: Cgroup mounting failed
/sbin/cgconfigparser; error loading /etc/cgconfig.d/mwg.conf: No such file or directory
Error: cannot mount cpuset to /cgroup/cpuset: No such device
Error: cannot open /proc/cgroups: No such file or directory
Failed to parse /etc/cgconfig.conf or /etc/cgconfig.d[FAILED]
# failed to run command cgconfig restart: executing /etc/init.d/cgconfig restart failed
Workaround:This error is cosmetic. It is safe to ignore this error.
