APM host checker

Abed_AL-R · ‎02-May-2021

Hi

Is it possible to set in APM to periodically check if client still have anti virus in enabled mode after he successfully logs in ?

In other vendors I noticed that you can set an interval (for example 120 seconds) to periodically check if the client has not disabled the antivirus software after logging in

Enes_Afsin_Al · ‎02-May-2021

Hi Abed AL-R,

"An Antivirus action provides these settings and options:

Continuously check the result and end the session if it changes

Specifies Enabled or Disabled.

When Enabled, if the client does not respond for five minutes, the server ends the session."

https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-access-policy-manager-visual-policy-editor/access-policy-item-reference/about-endpoint-security-client-side-items/about-the-antivirus-action.html

Abed_AL-R · ‎02-May-2021

Hi

Yeah I saw that. But I'm not sure how this is exactly should be work.

Does it mean it will continue checking if the client has AV for 5 minutes timeout before displaying username and password for login? Or after the login it will periodically every 5 minutes will re-check if client still has AV?

I mean I have a client PC running ESET. I temporary paused the AV and tried to login to the APM and I logged in successfully. And in session variable I saw AV state=1 which means 'enabled'.

So I guess if even before login disabled ESET shows enabled in APM variables, it will still see it is as enabled even after the login.

What I'm searching for is like this:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD48983

Have you tested this before and got it work?

DevCentral

APM host checker

MFA required on DevCentral