cancel
Showing results for 
Search instead for 
Did you mean: 

Access Policy Rules for AV does not match

EricCH
Nimbostratus
Nimbostratus

Hi all,

We have just upgraded to BIG-IP 15.1.5.1 and APM Client 7.2.2.
We have access policy that controls the antivirus version before logging in.
Rule 1 for Symantec Endpoint and Rule 2 for Windows Defender.

Some computers are blocked because when the information is returned, the first antivirus returned is Windows Defender and the rules no longer match .
For the same computer at the next attempt, the order of the information is reversed, it is SEP that goes up first and in this case the rules match, in this case the user is logged .

We have updated the latest EPSEC package but nothing is done.

Have you ever noticed this problem?

Thanks and Regard

Eric

3 REPLIES 3

Gym
Cirrus
Cirrus

You shouldn't need a different rule for each AV engine. You can specify all the acceptable AV engines in a single agent instance, and then have rules for pass or fail. That way the order in which they are detected is irrelevant.

did that work out for you @EricCH ?

Hi,

We have tried several things and unfortunately Antivirus never go back in the same order despite declaring that SEP or Defender or Defender ATP, the three antivirus are always reported but in different orders at each connection.

 

Regards