These Anti-Bot / Anti-Virus “Web service error” messages will be shown each time a request from the gateway to the ThreatCloud will be terminated with a timeout.

Possible causes:

1. Connectivity issue - timeout while trying to connect to Check Point online service.
   
   
2. Online Web Service access configuration problem - using Hold configuration for span port / tap installations.
   
   
3. Memory allocation problem - the gateway's memory is overloaded.
   
   
4. File extension sent to be scanned by the Anti-Virus blade contains spaces.  
   
   
5. Check Point kernel uses URL normalization routines to get the hostname out of a given URL checking if it contains a dot character (e.g., google.com instead of google). Some internal sites use hostnames without any dot characters, and in such cases URL validation fails. As a result, Anti-Malware is unable to categorize such host.

Note: Starting from R75.47 and R76, Anti-Bot Resource Classification mode for DNS is performed in the "background" on the Security Gateway. To learn more, see sk92224 - Resource Categorization for Anti-Bot / Anti-Virus DNS Settings optimization.

 

Follow these steps:

1. Connectivity issue - timeout while trying to connect to Check Point online service.
   
   Check the following:
   
   
   1. Check DNS configuration on the Security Gateway.
      
      
   2. Check Proxy configuration on the Security Gateway.
      
      
   3. Connectivity from the Security Gateway:
      
      [Expert@GW]# curl_cli http://cws.checkpoint.com/AntiVirus/SystemStatus/type/short
      
      This link should always be available and should always return a "true" value:
      <?xml version="1.0" encoding="UTF-8"?><response><allSystemsOK>true</allSystemsOK></response>
      
      Note: For more information about the curl, refer to cURL documentation.
   
   
   
2. Online Web Service access configuration issue - using Hold configuration for span port / tap installations.
   
   Configure the following:
   
   
   1. In SmartConsole / SmartDashboard, go to "Threat Prevention" tab -> expand "Advanced" -> click on "Engine Settings" -> in the "Resource classification mode" section, change from "Hold" to "Background".
      
      
   2. Install policy.
   
   
   
3. Memory allocation issue - the Security Gateway's memory is overloaded.
   
   
   1. Wait for the memory consumption to decrease (for example, memory consumption is increased during policy installation, during IPS update, etc).
      
      
   2. If the memory exhaustion persists, contact Check Point Support for troubleshooting.
   
   
   
4. File extension sent to be scanned by the Anti-Virus blade contains spaces
   
   
   1. Remove the file-extension property from the request (this will not affect the security of the Anti-Virus blade):
      
      
      1. On the gateway, edit the $FWDIR/conf/rad_scheme.C file (back it up before making the change).
      2. Delete the following two lines below "antivirus":
           :const ("&file_ext=")
  :value ("trapper:file_ext")
      
      
      
   2. Install policy on the gateway
   
   
   
5. Users behind the Security Gateway try to access a non-standard URL, such as URL without dots.
   
   Example: URL without .com at the end.
   
   This problem was fixed. The fix is included in:
   
   
   • Check Point R77.10
   • Jumbo Hotfix Accumulator for R77 - since Take_1

   Check Point recommends to always upgrade to the most recent version (upgrade Security Gateway / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).

    

Related solution: sk83520 - How to verify that Security Gateway and/or Security Management Server can access Check Point servers?