IPS Update download through Security Gateway with enabled Anti-Virus blade fails at 99%
Symptoms
  • IPS Update download through Security Gateway with enabled Anti-Virus blade fails at 99%.

  • The user sees the following prompt in SmartDashboard:

  • SmartView Tracker log from Anti-Virus blade shows:

    Resource = http://dl3.checkpoint.com/paid/...
    Destination = XXX.deploy.static.akamaitechnologies.com (<IP Address>)
    Protocol = TCP
    Port = http (80)
    Action = Prevent
    Sent Bytes = 0
    Received Bytes = 0
    Reason = Failed to process the file
    Client Type = Other: FDT_LIBCURL
    Information = precise_error: unknown error
    
  • "Enabled Archive scanning" box is checked in the Threat Prevention profile that is used in the involved Threat Prevention policy (SmartDashboard - go to "Threat Prevention" tab - in the left tree, click on "Profiles" - go to "Anti-Virus Settings" pane).

  • Threat Prevention Engine is currently set to "Block all connections (Fail-close)" (SmartDashboard - go to "Threat Prevention" tab - in the left tree, expand "Advanced" - go to "Engine Settings" pane).

  • Setting Threat Prevention Engine to "Allow all connections (Fail-open)" and installing policy resolves the issue (IPS Update download completes successfully).

  • Debug of DLPU daemon (per sk103939) during the issue shows:
    [KAV] kav_clbk_fn: Object Count=10001, Origin object size=..., Current object size=..., Total object size=... (... left), Ratio=...
    [KAV] kav_clbk_fn: Maximum number of extracted files reached, canceling scan...

Cause

The default value of "Maximum number of extracted files" is set to 10000 (refer to max_archive_extracted_files parameter in the $FWDIR/conf/malware_config file on Security Gateway).

The IPS Update package contains more than 150000 files in the archive.

Note: Increasing the "Maximum number of extracted files" value to such a large number will cause high CPU utilization.
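
The following shell helper is an added example, not Check Point code and not part of the original article. It correlates the DLPU debug lines shown under Symptoms with the configured limit and the engine's fail mode. The `key=value` layout assumed for malware_config, the function names and the sample file contents are assumptions constructed for illustration.

```shell
# Added example: triage helper, not Check Point code.
# Assumption: malware_config stores the limit as "max_archive_extracted_files=<n>".
# Print the configured limit from a malware_config-style file (empty if absent).
configured_limit() {
    awk -F'=' '$1 ~ /^[ \t]*max_archive_extracted_files[ \t]*$/ {
        gsub(/[^0-9]/, "", $2); print $2; exit }' "$1"
}

# Highest "Object Count=" value in the KAV callback debug lines (0 if none).
peak_object_count() {
    awk 'match($0, /Object Count=[0-9]+/) {
        n = substr($0, RSTART + 13, RLENGTH - 13) + 0
        if (n > max) max = n
    } END { print max + 0 }' "$1"
}

# usage: triage <dlpu_debug_log> <malware_config> <close|open>
# Reports whether the extraction limit was hit and what the fail mode implies.
triage() {
    t_limit=$(configured_limit "$2")
    [ -n "$t_limit" ] || t_limit=10000      # default stated in the article
    t_peak=$(peak_object_count "$1")
    t_state=ok
    if grep -q 'Maximum number of extracted files reached' "$1" ||
       [ "$t_peak" -gt "$t_limit" ]; then
        t_state=limit_hit
    fi
    t_verdict=allow
    if [ "$t_state" = limit_hit ] && [ "$3" = close ]; then
        t_verdict=prevent                    # fail-close: Action = Prevent
    fi
    echo "$t_state peak=$t_peak limit=$t_limit verdict=$t_verdict"
}

# Constructed sample files (sizes and ratios are made up).
write_sample() {
    printf '%s\n' '# constructed fragment' 'max_archive_extracted_files=10000' > "$1/malware_config"
    cat > "$1/dlpu_debug.txt" <<'EOF'
[KAV] kav_clbk_fn: Object Count=10001, Origin object size=900, Current object size=280, Total object size=4100280 (899720 left), Ratio=3
[KAV] kav_clbk_fn: Maximum number of extracted files reached, canceling scan...
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
triage "$demo_dir/dlpu_debug.txt" "$demo_dir/malware_config" close
triage "$demo_dir/dlpu_debug.txt" "$demo_dir/malware_config" open
rm -rf "$demo_dir"
```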


Solution