Guest

Cisco Web Security Appliance

Field Notice: FN - 63815 - WSA: McAfee Engine Update Necessary for Web Security Appliances

Field Notice: FN - 63815 - WSA: McAfee Engine Update Necessary for Web Security Appliances

April 25, 2014


NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision Date Comment
1.0
25-APR-2014
Initial Public Release

Products Affected

Products Affected
Cisco Web Security Appliances
Cisco Web Security Virtual Appliances

Problem Description

McAfee Antivirus/Anti-malware Engine version 5400 becomes End of Life (EOL) on April 30th 2014.

Background

EOL for the Antivirus/Anti-malware Engine means they stop testing new signatures (data (DAT) files) against it. Over time the efficacy of version 5400 might go down as the new DATs use data structures, etc. that are only used by the newer engines. In some scenarios, the newer DATs may grow to the point to where the old engine cannot load them and fail to initialize.

McAfee declared the EOL of the 5400 Engine on October 2013 and agreed to extend its support for 6 months. THe new expiration date is April 30th 2014. After this date all equipment running this engine might start to see a drop in the efficacy of this Antivirus/Anti Malware.

Web Security Appliances (WSA) running any versions 7.1.x, 7.5.x, or 7.7.5 builds along with any 7.7.0 build prior to 725 are still running McAfee Engine 5400.

Problem Symptoms

WSAs running McAfee Engine 5400 will eventually start seeing efficacy drop, because new, improved McAfee signatures will be enabled only for new engine.

You can verify if your WSA is running Engine 5400:
  1. On the command line interface (CLI), use the version command and look for McAfee Anti-malware Engine:

    version McAfee Anti-malware Engine: 5600 (Never Updated)
  2. On the web interface:

    For version 7.1.x, go to Security Services -> Anti-malware page and check for version for McAfee Anti-malware Engine.

    For version 7.5.x and higher, go to Security Services -> Web Reputation and Anti-malware page and check for version for McAfee Anti-malware Engine.

Workaround/Solution

Upgrade your WSA to version 7.1.4-102, version 7.5.2-304, version 7.7.0-725, version 7.7.5-195, or any version 8.0 to ensure you are running the McAfee Engine 5600.

To upgrade your appliance on the web interface:

  1. On the System Administration > System Upgrade page, click Available Upgrades.

  2. The page refreshes with a list of available AsyncOS for web upgrade versions.

  3. Click Begin Upgrade to start the upgrade process. Answer the questions as they appear.

  4. When the upgrade is complete, click Reboot Now to reboot the WSA.

To upgrade your appliance on the CLI:

  1. Use the upgrade command and answer the questions as they appear. It will show you a list of available versions.

  2. Select one of the versions with the new engine and reboot your appliance after the upgrade is complete.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.