How to clear Anti-Virus and Anti-Bot kernel cache?
Solution

Follow these steps to clear the Anti-Virus kernel cache on a Security Gateway / cluster:

  1. Connect with SmartDashboard to Security Management Server / Domain Management Server.

  2. Go to File menu - click on Database Revision Control... - create a revision snapshot.

  3. Close all SmartConsole windows (SmartDashboard, SmartView Tracker, SmartView Monitor, etc.).

  4. Connect with GuiDBedit Tool to Security Management Server / Domain Management Server.

  5. In the upper left pane, go to Table - Other - rad_services.

  6. In the upper right pane, select malware_rad_service_0:

    1. In the lower pane, right-click on the policy_install_cache_override - select Edit....

    2. Select "true" - click on OK.



  7. In the upper right pane, select antivirus_rad_service_0:

    1. In the lower pane, right-click on the policy_install_cache_override - select Edit....

    2. Select "true" - click on OK.



  8. Save the changes: go to File menu - click on Save All.

  9. Close the GuiDBedit Tool.

  10. Connect with SmartDashboard to Security Management Server / Domain Management Server.

  11. Install the policy only on the involved Security Gateway / Cluster object.

  12. Verify that the Anti-Virus kernel cache tables are empty on the involved Security Gateway / cluster members:

    1. [Expert@HostName]# fw tab -t av_cache -s

      Output should be:

      HOST                  NAME                               ID #VALS #PEAK #SLINKS
      localhost             av_cache                          XXX     0     0       0
      
    2. [Expert@HostName]# fw tab -t malware_cache_tbl -s

      Output should be:

      HOST                  NAME                               ID #VALS #PEAK #SLINKS
      localhost             malware_cache_tbl                 XXX     0     0       0
      


  13. CRUCIAL STEP: Restore the default value for policy_install_cache_override ("false"):

    Note: If the default value ("false") is not restored, the Anti-Virus kernel cache will be cleared on every policy installation.

    1. Close all SmartConsole windows (SmartDashboard, SmartView Tracker, SmartView Monitor, etc.).

    2. Connect with GuiDBedit Tool to Security Management Server / Domain Management Server.

    3. In the upper left pane, go to Table - Other - rad_services.

    4. In the upper right pane, select malware_rad_service_0:

      1. In the lower pane, right-click on the policy_install_cache_override - select Edit....

      2. Select "false" - click on OK.


    5. In the upper right pane, select antivirus_rad_service_0:

      1. In the lower pane, right-click on the policy_install_cache_override - select Edit....

      2. Select "false" - click on OK.


    6. Save the changes: go to File menu - click on Save All.

    7. Close the GuiDBedit Tool.


  14. Connect with SmartDashboard to Security Management Server / Domain Management Server.

  15. Install the policy on the relevant Security Gateway / Cluster object.
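
The check in step 12 can be scripted so that it is repeated identically on every cluster member. The following is an added example, not Check Point code: it parses `fw tab -t <table> -s` output and fails if either cache table still holds entries. The function names, the sample ID values and the sample counts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Check Point code. Reads `fw tab -t <table> -s` output.

# Kernel tables checked in step 12.
TABLES="av_cache malware_cache_tbl"

# Constructed sample output (ID values are placeholders, not real table IDs).
SAMPLE_EMPTY='HOST                  NAME                               ID #VALS #PEAK #SLINKS
localhost             av_cache                         1001     0     0       0
HOST                  NAME                               ID #VALS #PEAK #SLINKS
localhost             malware_cache_tbl                1002     0     0       0'
SAMPLE_STALE='HOST                  NAME                               ID #VALS #PEAK #SLINKS
localhost             av_cache                         1001    37   112       0
HOST                  NAME                               ID #VALS #PEAK #SLINKS
localhost             malware_cache_tbl                1002     0    58       0'

# table_vals NAME: print the #VALS value for table NAME from stdin.
# The column is located from the header row; exit 1 if the row is absent.
table_vals() {
    awk -v name="$1" '
        $1 == "HOST" { for (i = 1; i <= NF; i++) if ($i == "#VALS") col = i; next }
        col && $2 == name { print $col; found = 1; exit }
        END { if (!found) exit 1 }'
}

# check_caches_empty: exit 0 if every table has 0 entries, 1 if any table
# still holds entries, 2 if a table row is missing (fail closed).
check_caches_empty() (
    out=$(cat); rc=0
    for t in $TABLES; do
        if ! vals=$(printf '%s\n' "$out" | table_vals "$t"); then
            echo "$t: not found in output" >&2; rc=2
        elif [ "$vals" != "0" ]; then
            echo "$t: $vals entries remain" >&2
            [ "$rc" -ne 0 ] || rc=1
        else
            echo "$t: empty"
        fi
    done
    exit "$rc"
)

# On a gateway (Expert mode) the input would come from the commands in step 12:
#   for t in $TABLES; do fw tab -t "$t" -s; done | check_caches_empty
printf '%s\n' "$SAMPLE_EMPTY" | check_caches_empty
```

A non-zero exit after step 11 means the policy installation did not clear the cache on that member; recheck steps 6 to 8 before proceeding to step 13.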

 


This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
