How does BIG-IP check if an antivirus is started?
We recently switched from ESET antivirus to Palo Alto Cortex XDR.
We've noticed that if a connection via the BIG-IP VPN client is launched within two minutes of computer startup (not logon), the antivirus startup compliance check on the workstation doesn't work, as the client returns no antivirus currently working.
When the connection is retried, and the computer has been running for more than two minutes (since computer startup, not logon once again), the antivirus is detected without a hitch.
So my questions are:
- How is the check carried out?
- Is a specific process observed (we've noticed that the cyserver.exe process takes about 1:30 to start)?
- Have similar cases been observed with the Palo Alto Cortex antivirus? We had no such problems with ESET.
Here are some technical details about our F5 infra: BIG-IP v188.8.131.52 (Build 0.13.5), apmclients-7243.2023.718.858-6294.0.iso, OPSWAT Antimalware Integration SDK 4.3.3726.0 (for the compliance check we of course added Palo Alto Cortex XDR for all the versions, and as I said, it works when we wait for more than 2 minutes after computer startup).
Thanks in advance