Strict Hold is a new feature in R80.30 related to Threat Extraction.
If you're not using Threat Extraction on the gateway, you can disable this feature.
If you are using Threat Extraction, there are a few TAC cases that suggest that the upgrade process from earlier releases did not add the necessary configuration to $FWDIR/conf/malware_config.
You can confirm this by:
- Checking if Hold Mode is enabled in SmartDashboard: Manage and Settings > Threat Prevention > General. If you're not using Threat Extraction, disabling this feature in SmartDashboard and installing policy should be sufficient.
- Seeing if there is a section for strict_hold_configuration in $FWDIR/conf/malware_config on the gateway and it has a setting for strict_hold_enable. If it does not, you need to add the necessary configuration.
In this case, add the following lines to $FWDIR/conf/malware_config on every affected gateway.
Note that you can adjust the configuration of these lines as necessary (e.g. if you want Strict Hold to be enabled, set the parameter to 1).
[strict_hold_configuration]
strict_hold_enable=0
enable_on_background_mode=0
min_size_to_upload=0
max_size_to_upload=100000000
# when tex_over_te enabled - perform sending TEX extracted file to client without waiting for TE full emulation verdict.
tex_over_te=0
flexible_hold_precent_to_send=50
flexible_hold_total_time_to_trickle_in_minutes=4
[strict_hold_fail_open_config]
strict_hold_fail_open_flag=1
url_entry_timeout=30
url_key_type=1
compare_second_try_md5=0
Once you've made this change, perform a policy install to the relevant gateways for these changes to take effect.
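The second check above (whether malware_config has a strict_hold_configuration section with a strict_hold_enable setting) can be scripted so it can be run on each gateway before and after the change. This is an added example, not Check Point code: the function name check_strict_hold and its exit codes are made up for illustration, and it assumes that # starts a comment, as in the lines above.

```shell
#!/bin/sh
# Added example (not Check Point code). On a gateway, in expert mode:
#   check_strict_hold "$FWDIR/conf/malware_config"
# Exit status: 0 = section and key present, 1 = section missing,
# 2 = section present but strict_hold_enable missing, 3 = file unreadable.
check_strict_hold() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 3; }
    awk '
        # Drop a trailing CR and anything after "#" (assumed comment marker).
        { sub(/\r$/, ""); sub(/[ \t]*#.*/, "") }
        /^[ \t]*\[.*\][ \t]*$/ {            # a [section] header line
            gsub(/[ \t]/, "")
            in_sec = ($0 == "[strict_hold_configuration]")
            if (in_sec) found_sec = 1
            next
        }
        # Only count the key when it sits inside the Strict Hold section.
        in_sec && /^[ \t]*strict_hold_enable[ \t]*=/ {
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[2])
            value = kv[2]; found_key = 1
        }
        END {
            if (!found_sec) { print "section missing"; exit 1 }
            if (!found_key) { print "strict_hold_enable missing"; exit 2 }
            print "strict_hold_enable=" value
        }
    ' "$conf"
}

# Constructed sample input: a config without the Strict Hold section,
# which is the state described for affected upgrades.
sample=$(mktemp)
printf '%s\n' '[example_section]' 'example_key=1' > "$sample"
check_strict_hold "$sample" || echo "check returned $?"
rm -f "$sample"
```

A status of 1 or 2 means the lines listed above still need to be added to that gateway's file.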