On the Control Manager console, under Administration > Suspicious Objects > Virtual Analyzer Objects > [select the specific SO] > View > Distribution, IWSVA is not showing on the TMCM Suspicious Objects (SO) Distribution list.
When you check the IWSVA console, in HTTP > Advanced Threat Protection > Custom Defense > Custom Defense Settings tab, it does not show the Enable TMCM SO sync option. Only the Enable DDAn Submission and SO Sync option is present.
To resolve the issue:
- Log in to IWSVA using putty and edit /etc/iscan/intscan.ini.
- Set "so_integration_enabled=1" under [dtas] section as shown below and then save.
- Refresh the IWSVA web console and the option Enable TMCM SO Sync should now be available.
When the note stating "Control Manager will provide the suspicious object list. If both Control Manager and Deep Discovery Analyzer have been enabled, the InterScan Web Security Virtual Appliance will prioritize Control Manager for retrieving the suspicious objects. The submission feature in Deep Discovery Analyzer will still work correctly." appears, click OK.
On TMCM 7.0, IWSVA should now be included in the SO Distribution list.
