Forum Discussion
Abed_AL-R
Cirrostratus
CirrostratusAPM host checker
Hi
Is it possible to set in APM to periodically check if client still have anti virus in enabled mode after he successfully logs in ?
In other vendors I noticed that you can set an interval (for example 120 seconds) to periodically check if the client has not disabled the antivirus software after logging in
Hi Abed AL-R,
"An Antivirus action provides these settings and options:
Continuously check the result and end the session if it changes
Specifies Enabled or Disabled.
When Enabled, if the client does not respond for five minutes, the server ends the session."
https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-access-policy-manager-visual-policy-editor/access-policy-item-reference/about-endpoint-security-client-side-items/about-the-antivirus-action.html
Abed_AL-RHi
Yeah I saw that. But I'm not sure how this is exactly should be work.
Does it mean it will continue checking if the client has AV for 5 minutes timeout before displaying username and password for login? Or after the login it will periodically every 5 minutes will re-check if client still has AV?
I mean I have a client PC running ESET. I temporary paused the AV and tried to login to the APM and I logged in successfully. And in session variable I saw AV state=1 which means 'enabled'.
So I guess if even before login disabled ESET shows enabled in APM variables, it will still see it is as enabled even after the login.
What I'm searching for is like this:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD48983
Have you tested this before and got it work?
- Luke_Lehman
Employee
I know this post/question is a couple years old, but I wanted to share this article, in case anyone else lands here with a similar question.
"Windows checks run every 90 seconds; Mac and Linux every 5 seconds."
Find the 'Recurring checks' section: https://my.f5.com/manage/s/article/K15302653
