Pre-Logon Sequence - AV Check

Hi,

 

 

Version - FirePass 7.0.0

 

URM: URM-7.0-20100611

 

Service Check Date - November 14, 2011

 

 

HF:

 

 

HF-70-1

 

HF-338323-1

 

HF-342493-2

 

HF-339375-1

 

HF-70-3

 

HF-70-4.1-1

 

 

 

Problem description:

 

 

i have made a pre-logon sequence AV_check, only it seems not to workn with: session.av.summary.monitor check=1

 

 

(session.av.summary.monitor >=1) AND (NOT(EXIST(session.av_scan.infected) AND (session.av_scan.infected != 0)))

 

 

 

error:

 

 

[result] => logon_denied_form

 

[result_url] =>

 

[result_note] =>

 

[log_id201111211736224eca7e062261e] => c2hvd19jbGllbnRfZGF0YQ==

 

[detected_av] => Array

 

(

 

[av_1] => Array

 

(

 

[agent_id] => OPSWAT_AV

 

[data_version] => 1.0

 

[protect] =>

 

[update] =>

 

[need_update] =>

 

[expression_id] =>

 

[name] => MicrosoftAS

 

[features] => 2

 

[engine_version] => 1.1.7801.0

 

[database_version] => 1.115.2100.0

 

[database_signature] =>

 

[database_time] => 2011.11.18 00:07:26

 

[monitor] => enabled

 

[last_scan] => 2011.11.07 21:20:25

 

[gui_state] => hidden

 

[description] => Windows%20Defender

 

[database_age] => 3

 

[r_log_0] => Criteria failed - not an antivirus

 

)

 

 

[summary] => Array

 

(

 

[count] => 1

 

)

 

 

)

 

 

)

 

 

)

 

 

 

 

only when i change the value (session.av.summary.monitor >=1) to =0 then the check sequence pass.

 

 

client machine info:

 

i use fully updated

 

Kaspersky Internet Security 2012

 

application version: 12.0.0.374

 

AV db release date: 20111122

 

OS: Win7 x64 SP1