02-May-2021 03:04
Hi
Is it possible to set in APM to periodically check if client still have anti virus in enabled mode after he successfully logs in ?
In other vendors I noticed that you can set an interval (for example 120 seconds) to periodically check if the client has not disabled the antivirus software after logging in
02-May-2021 06:37
Hi Abed AL-R,
"An Antivirus action provides these settings and options:
Continuously check the result and end the session if it changes
Specifies Enabled or Disabled.
When Enabled, if the client does not respond for five minutes, the server ends the session."
https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-access-policy-manager-visual-policy-editor/access-policy-item-reference/about-endpoint-security-client-side-items/about-the-antivirus-action.html
02-May-2021 12:12
Hi
Yeah I saw that. But I'm not sure how this is exactly should be work.
Does it mean it will continue checking if the client has AV for 5 minutes timeout before displaying username and password for login? Or after the login it will periodically every 5 minutes will re-check if client still has AV?
I mean I have a client PC running ESET. I temporary paused the AV and tried to login to the APM and I logged in successfully. And in session variable I saw AV state=1 which means 'enabled'.
So I guess if even before login disabled ESET shows enabled in APM variables, it will still see it is as enabled even after the login.
What I'm searching for is like this:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD48983
Have you tested this before and got it work?