Field Notice: FN - 63815 - WSA: McAfee Engine Update Necessary for Web Security Appliances
April 25, 2014
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND
OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE
OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE
IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD
NOTICE AT ANY TIME.
Initial Public Release
Cisco Web Security Appliances
Cisco Web Security Virtual Appliances
McAfee Antivirus/Anti-malware Engine version 5400 becomes End of Life (EOL) on April 30th 2014.
EOL for the Antivirus/Anti-malware Engine means they stop testing new signatures (data (DAT) files) against it. Over time the efficacy of version 5400 might go down as the new DATs use data structures, etc. that are only used by the newer engines. In some scenarios, the newer DATs may grow to the point to where the old engine cannot load them and fail to initialize.
McAfee declared the EOL of the 5400 Engine on October 2013 and agreed to extend its support for 6 months. THe new expiration date is April 30th 2014. After this date all equipment running this engine might start to see a drop in the efficacy of this Antivirus/Anti Malware.
Web Security Appliances (WSA) running any versions 7.1.x, 7.5.x, or 7.7.5 builds along with any 7.7.0 build prior to 725 are still running McAfee Engine 5400.
WSAs running McAfee Engine 5400 will eventually start seeing efficacy drop, because new, improved McAfee signatures will be enabled only for new engine.
You can verify if your WSA is running Engine 5400:
- On the command line interface (CLI), use the version command and look for McAfee Anti-malware Engine:
version McAfee Anti-malware Engine: 5600 (Never Updated)
- On the web interface:
For version 7.1.x, go to Security Services -> Anti-malware page and check for version for McAfee Anti-malware Engine.
For version 7.5.x and higher, go to Security Services -> Web Reputation and Anti-malware page and check for version for McAfee Anti-malware Engine.
Upgrade your WSA to version 7.1.4-102, version 7.5.2-304, version 7.7.0-725, version 7.7.5-195, or any version 8.0 to ensure you are running the McAfee Engine 5600.
To upgrade your appliance on the web interface:
- On the System Administration > System Upgrade page, click Available Upgrades.
- The page refreshes with a list of available AsyncOS for web upgrade versions.
- Click Begin Upgrade to start the upgrade process. Answer the questions as they appear.
- When the upgrade is complete, click Reboot Now to reboot the WSA.
To upgrade your appliance on the CLI:
- Use the upgrade command and answer the questions as they appear. It will show you a list of available versions.
- Select one of the versions with the new engine and reboot your appliance after the upgrade is complete.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.