Forum Discussion
Doubstar_24121
Nov 22, 2011Nimbostratus
Pre-Logon Sequence - AV Check
Hi, Version - FirePass 7.0.0
URM: URM-7.0-20100611
Service Check Date - November 14, 2011
HF:
HF-70-1
HF-338323-1
HF-342493-2
HF-339375-1
HF-70-3
HF-70-4.1-1
Problem description:
i have made a pre-logon sequence AV_check, only it seems not to workn with: session.av.summary.monitor check=1
(session.av.summary.monitor >=1) AND (NOT(EXIST(session.av_scan.infected) AND (session.av_scan.infected != 0)))
error:
[result] => logon_denied_form
[result_url] =>
[result_note] =>
[log_id201111211736224eca7e062261e] => c2hvd19jbGllbnRfZGF0YQ==
[detected_av] => Array
(
[av_1] => Array
(
[agent_id] => OPSWAT_AV
[data_version] => 1.0
[protect] =>
[update] =>
[need_update] =>
[expression_id] =>
[name] => MicrosoftAS
[features] => 2
[engine_version] => 1.1.7801.0
[database_version] => 1.115.2100.0
[database_signature] =>
[database_time] => 2011.11.18 00:07:26
[monitor] => enabled
[last_scan] => 2011.11.07 21:20:25
[gui_state] => hidden
[description] => Windows%20Defender
[database_age] => 3
[r_log_0] => Criteria failed - not an antivirus
)
[summary] => Array
(
[count] => 1
)
)
)
)
only when i change the value (session.av.summary.monitor >=1) to =0 then the check sequence pass.
client machine info:
i use fully updated
Kaspersky Internet Security 2012
application version: 12.0.0.374
AV db release date: 20111122
OS: Win7 x64 SP1
- Mike_61719Cirrus*Double post
- Mike_61719CirrusAs long as you have the latest Opswat version and you can test on multiple operating systems, I would create a ticket with F5 support and see when a new Opswat will be released.
- Doubstar_24121Nimbostratusthnx
- Doubstar_24121NimbostratusSolved after updating FP to: OPSWAT HF-371280-1
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects