ICAP server reachable, however ASM claims communication issues
Greetings, I have encountered a situation where I have implemented basic AV protection to a server. Tests with EICAR file work fine from internal and external networks (should not really matter). The thing is that on some occasions I noticed that the file upload had been blocked but the Virus violation states: "Virus detection was not performed due to communication problem. See details here: /ts/log/bd.log" There is no relevant info in that log file. Guaranteed enforcement was turned on, so I guess that's why the block took place. But the real question is - why is it complaining about not being able to communicate with the ICAP server? When I run a test from any network, it blocks it just right and the violation is described accurately. Whenever this has happened there have been multiple generic violations detected with the traffic as well, but ONLY AV protection is in Blocking mode - generic signatures are just alerting for analysis. Does anyone have more experience with such cases? Any ideas why this is happening? Thank you!
[AV Check] How to disable checking if Windows Defender is up-to-date during client-side check
Hello DevCentral users, I am currently trying to figure out how to avoid running into issues when one of my users has eSet Endpoint Security installed on their Windows 10 devices. When a user installs eSet Endpoint Security it automatically disables the built-in Windows Defender. This disabled Windows Defender however is being found by the antivirus client-side check in my Access Policy. The user is then not able to log into my SSL-VPN. I would like to know how to built an antivirus client-side check into my Access Policy where it doesn't matter which AV product a user has as long as its virus definitions have been updated at least 7 days ago, like this: I've added Windows Defender as a second AV but when I do get it to work (no check on if the definitions are up-to-date) it won't suffice for users who only have Windows Defender installed. Does anyone have any tips or tricks on how to set this up? Thanks in advance!
