For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

DLP_138742's avatar
DLP_138742
Icon for Nimbostratus rankNimbostratus
Apr 07, 2016

[AV Check] How to disable checking if Windows Defender is up-to-date during client-side check

Hello DevCentral users,

 

I am currently trying to figure out how to avoid running into issues when one of my users has eSet Endpoint Security installed on their Windows 10 devices. When a user installs eSet Endpoint Security it automatically disables the built-in Windows Defender. This disabled Windows Defender however is being found by the antivirus client-side check in my Access Policy. The user is then not able to log into my SSL-VPN.

 

I would like to know how to built an antivirus client-side check into my Access Policy where it doesn't matter which AV product a user has as long as its virus definitions have been updated at least 7 days ago, like this:

 

I've added Windows Defender as a second AV but when I do get it to work (no check on if the definitions are up-to-date) it won't suffice for users who only have Windows Defender installed.

 

Does anyone have any tips or tricks on how to set this up?

 

Thanks in advance!

 

antivirus
antivirus check
application delivery
BIG-IP
BIG-IP Access Policy Manager (APM)
ssl-vpn
windows defender

7 Replies

  • Grayson_149410's avatar
    Grayson_149410
    Icon for Nimbostratus rankNimbostratus
    Apr 07, 2016

    What version LTM are you using and what version of the epsec version? I had some issues from the one released last August but when I updated to the one released in March, it fixed a lot of the issues. I say that because that should work.

     

    • DLP's avatar
      DLP
      Icon for Nimbostratus rankNimbostratus
      Apr 07, 2016
      Ah sorry I should have mentioned that. We're running version 12.0 and the latest epsec 1.0.0-420.0. Doesn't work in this case though :(
    • Grayson_149410's avatar
      Grayson_149410
      Icon for Nimbostratus rankNimbostratus
      Apr 07, 2016
      Have you checked the logs on the session and see what it is returning? Try setting the AP logging to a higher level to see more details.
    • DLP's avatar
      DLP
      Icon for Nimbostratus rankNimbostratus
      Apr 07, 2016
      Yes I did check the logs. I'm going to copy & paste that in a reply to my own question because it won't show up properly here in a direct comment to your Answer.
  • DLP's avatar
    DLP
    Icon for Nimbostratus rankNimbostratus
    Apr 07, 2016
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.count;Session_Variable_Value=2;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.error;Session_Variable_Value=0;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.db_time;Session_Variable_Value=1459798252;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.db_version;Session_Variable_Value=1.217.613.0;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.engine_version;Session_Variable_Value=1.1.12603.0;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.errors;Session_Variable_Value=Failed to get 'last_scan'. code: -6 (Object not found) mId: 12 iId: 9
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.id;Session_Variable_Value=6009;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.name;Session_Variable_Value=Windows Defender;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.state;Session_Variable_Value=0;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.vendor_id;Session_Variable_Value=6;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.vendor_name;Session_Variable_Value=Microsoft Corp.;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.version;Session_Variable_Value=4.8.10240.16384;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.db_time;Session_Variable_Value=1459980000;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.db_version;Session_Variable_Value=13298 (20160407);
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.engine_version;Session_Variable_Value=1039 (20160219);
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.errors;Session_Variable_Value=Failed to get 'state'. code: -1 (General error) mId: 5 iId: 9
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.id;Session_Variable_Value=179009;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.name;Session_Variable_Value=ESET Endpoint Security;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.vendor_id;Session_Variable_Value=179;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.vendor_name;Session_Variable_Value=Eset Software;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.version;Session_Variable_Value=6.3.2016.0;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.result;Session_Variable_Value=0;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.sdk;Session_Variable_Value=3.6.10120.2;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.state;Session_Variable_Value=0;
  • DLP's avatar
    DLP
    Icon for Nimbostratus rankNimbostratus
    Apr 11, 2016

    Anyone who can help me out with this issue? Any way to disable client-side checking for Windows Defender in Windows 10, or have it so that if a second AV product is installed that one gets preference or something?

     

  • onnobaas_275041's avatar
    onnobaas_275041
    Icon for Nimbostratus rankNimbostratus
    Jan 30, 2018

    Sorry, no answer but the same issue with windows 10 and bitdefender total security 2018, and 12.1.3 icm epsec 602