Forum Discussion

EricCH's avatar
EricCH
Icon for Nimbostratus rankNimbostratus
Jun 08, 2022

Access Policy Rules for AV does not match

Hi all,

We have just upgraded to BIG-IP 15.1.5.1 and APM Client 7.2.2.
We have access policy that controls the antivirus version before logging in.
Rule 1 for Symantec Endpoint and Rule 2 for Windows Defender.

Some computers are blocked because when the information is returned, the first antivirus returned is Windows Defender and the rules no longer match .
For the same computer at the next attempt, the order of the information is reversed, it is SEP that goes up first and in this case the rules match, in this case the user is logged .

We have updated the latest EPSEC package but nothing is done.

Have you ever noticed this problem?

Thanks and Regard

Eric

  • You shouldn't need a different rule for each AV engine. You can specify all the acceptable AV engines in a single agent instance, and then have rules for pass or fail. That way the order in which they are detected is irrelevant.

      • EricCH's avatar
        EricCH
        Icon for Nimbostratus rankNimbostratus

        Hi,

        We have tried several things and unfortunately Antivirus never go back in the same order despite declaring that SEP or Defender or Defender ATP, the three antivirus are always reported but in different orders at each connection.

         

        Regards