Forum Discussion

keefyweefy's avatar
keefyweefy
Icon for Nimbostratus rankNimbostratus
Apr 23, 2009

Endpoint AV failures

Hi

 

 

We're having problems with endpoint security within Firepass.

 

 

Firepass v6.0.3

 

 

Client:

 

Vista

 

Avira AntiVir

 

 

Using the default AV Check the client falls through to fallback. I've placed a write to logon log on the fallback path with:

 

monitor: %session.av.summary.monitor%

 

count: %session.av.summary.count%

 

 

The output into the logs is:

 

 

pre-logon: monitor: 0

 

count: 0

 

 

So it would appear the AV check isn't detecting the AV software on the client.

 

 

Any advise would be appreciated.
BIG-IP Access Policy Manager (APM)
remote access
security

2 Replies

Sort By
  • VictorS_96310's avatar
    VictorS_96310
    Icon for Nimbostratus rankNimbostratus
    Jun 09, 2009
    Try this for your AV rule:

     

    (session.av.summary.monitor >= 1) AND (NOT(EXIST(session.av_scan.infected) AND (session.av_scan.infected != 0)))

     

     

    And try this for your logger:

     

    Antivirus: %session.detected_av.av_1.name%,

     

    %session.detected_av.av_1.monitor%,

     

     

    Antivirus2: %session.detected_av.av_2.name%,

     

    %session.detected_av.av_2.monitor%,
  • Mike_61719's avatar
    Mike_61719
    Icon for Cirrus rankCirrus
    Aug 25, 2009
    It is an Opswat issue, install the latest version. You will have issues with Opswat and the engine versions of software, best case is to install an AV solution that rarely changes versions.