Content & Malware Analysis

------------------------------
Sr. Network Security Engineer
IBM - Manged Security Services
------------------------------

Hi Keith,

Is this a new deployment? Typically unavailable means that the AV component isn't attached to your license on the backend, so if you have purchased a Sophos subscription, it needs to be activated and attached to this device on our licensing servers first.

To do this

• go to https://support.broadcom.com/security and click on "My Entitlements"
• Enter the serial number of the CAS and hit Enter
• Find your device, and click on the ribbon icon under "License"
  
• From the next screen, toward the bottom, click on the "Software Add Ons" tab. If you do not see your Sophos subscription already listed, click the "Add on" button
  
  
• You hopefully will see the Sophos SKU in the "Filter Available Addons" box. Select it and click the right arrow, and then click "Link"
  
  If you do not see the Sophos SKU, you will want to follow the steps listed in under "Add-on missing" of the following KB, or open a ticket with Customer Care
  https://knowledge.broadcom.com/external/article/145841
• After you see the subscription linked on the backend from the portal, you will want to update the license on the CAS, which you can do from System > Licensing on the Content Analysis GUI. (Please note, it may take a few minutes for the backend servers to talk with each other, and so try downloading the license again later if it doesn't work immediately.

More on Content Analysis Licensing can be found here:
https://knowledge.broadcom.com/external/article/172097/content-analysis-licensing.html
Original Message:
Sent: 07-07-2020 08:24 AM
From: Keith Lunn
Subject: CAS 2.3.5.1

So the Statistics > Historical log shows "AV Load Error" - How do I debug this issue?
Also in License AV section it shows all "unavailable" - what does that mean or what is the issue?
Thanks for any help!!!
:)

------------------------------
Sr. Network Security Engineer
IBM - Manged Security Services
------------------------------

Is that the reason also why I am seeing the "AV Load Error" in the Historical section?

------------------------------
Sr. Network Security Engineer
IBM - Manged Security Services
------------------------------

Original Message:
Sent: 07-08-2020 07:47 PM
From: Jacob M
Subject: CAS 2.3.5.1

Hi Keith,

Is this a new deployment? Typically unavailable means that the AV component isn't attached to your license on the backend, so if you have purchased a Sophos subscription, it needs to be activated and attached to this device on our licensing servers first.

To do this

• go to https://support.broadcom.com/security and click on "My Entitlements"
• Enter the serial number of the CAS and hit Enter
• Find your device, and click on the ribbon icon under "License"
  
• From the next screen, toward the bottom, click on the "Software Add Ons" tab. If you do not see your Sophos subscription already listed, click the "Add on" button
  
  
• You hopefully will see the Sophos SKU in the "Filter Available Addons" box. Select it and click the right arrow, and then click "Link"
  
  If you do not see the Sophos SKU, you will want to follow the steps listed in under "Add-on missing" of the following KB, or open a ticket with Customer Care
  https://knowledge.broadcom.com/external/article/145841
• After you see the subscription linked on the backend from the portal, you will want to update the license on the CAS, which you can do from System > Licensing on the Content Analysis GUI. (Please note, it may take a few minutes for the backend servers to talk with each other, and so try downloading the license again later if it doesn't work immediately.

More on Content Analysis Licensing can be found here:
https://knowledge.broadcom.com/external/article/172097/content-analysis-licensing.html
Original Message:
Sent: 07-07-2020 08:24 AM
From: Keith Lunn
Subject: CAS 2.3.5.1

So the Statistics > Historical log shows "AV Load Error" - How do I debug this issue?
Also in License AV section it shows all "unavailable" - what does that mean or what is the issue?
Thanks for any help!!!
:)

------------------------------
Sr. Network Security Engineer
IBM - Manged Security Services
------------------------------

Hi Keith,

Yes, AV means the antivirus engine failed to load. You can see this and other result descriptions in the Content Analysis Administration Guide 2.3 starting on page 132.

After you get to the point where your subscription shows as active under System > Licensing, I would check under Services > AV Patterns and see the download status of the av patterns. If it has finished with complications, I would try doing a Force Update, and see what happens. Hopefully everything is seemless though once the subscription is added to the license on the backend.

Thanks!
Original Message:
Sent: 07-09-2020 02:43 AM
From: Keith Lunn
Subject: CAS 2.3.5.1

Is that the reason also why I am seeing the "AV Load Error" in the Historical section?

------------------------------
Sr. Network Security Engineer
IBM - Manged Security Services

Original Message:
Sent: 07-08-2020 07:47 PM
From: Jacob M
Subject: CAS 2.3.5.1

Hi Keith,

Is this a new deployment? Typically unavailable means that the AV component isn't attached to your license on the backend, so if you have purchased a Sophos subscription, it needs to be activated and attached to this device on our licensing servers first.

To do this

• go to https://support.broadcom.com/security and click on "My Entitlements"
• Enter the serial number of the CAS and hit Enter
• Find your device, and click on the ribbon icon under "License"
  
• From the next screen, toward the bottom, click on the "Software Add Ons" tab. If you do not see your Sophos subscription already listed, click the "Add on" button
  
  
• You hopefully will see the Sophos SKU in the "Filter Available Addons" box. Select it and click the right arrow, and then click "Link"
  
  If you do not see the Sophos SKU, you will want to follow the steps listed in under "Add-on missing" of the following KB, or open a ticket with Customer Care
  https://knowledge.broadcom.com/external/article/145841
• After you see the subscription linked on the backend from the portal, you will want to update the license on the CAS, which you can do from System > Licensing on the Content Analysis GUI. (Please note, it may take a few minutes for the backend servers to talk with each other, and so try downloading the license again later if it doesn't work immediately.

More on Content Analysis Licensing can be found here:
https://knowledge.broadcom.com/external/article/172097/content-analysis-licensing.html
Original Message:
Sent: 07-07-2020 08:24 AM
From: Keith Lunn
Subject: CAS 2.3.5.1

So the Statistics > Historical log shows "AV Load Error" - How do I debug this issue?
Also in License AV section it shows all "unavailable" - what does that mean or what is the issue?
Thanks for any help!!!
:)

------------------------------
Sr. Network Security Engineer
IBM - Manged Security Services
------------------------------