The antivirus and firewall client-side checks use software libraries from a software development kit (SDK) created by OPSWAT, Inc. The package is named Endpoint Security (EPSEC) and you can check the version by using the following command:
tmsh show apm epsec software-status
I tried to search around for where exactly it checks the parameter but did not find any material on it. My suggestion is that if you have problems with this SDK, contact F5 support and register a case.
There are some more details on this in the TMOS operations guide: