DLP_138742
Apr 07, 2016

[AV Check] How to disable checking if Windows Defender is up-to-date during client-side check

Hello DevCentral users,

I am currently trying to figure out how to avoid running into issues when one of my users has ESET Endpoint Security installed on their Windows 10 devices. When a user installs ESET Endpoint Security, it automatically disables the built-in Windows Defender. This disabled Windows Defender, however, is being found by the antivirus client-side check in my Access Policy. The user is then not able to log into my SSL-VPN.

I would like to know how to build an antivirus client-side check into my Access Policy where it doesn't matter which AV product a user has as long as its virus definitions have been updated at least 7 days ago, like this:

I've added Windows Defender as a second AV but when I do get it to work (no check on if the definitions are up-to-date) it won't suffice for users who only have Windows Defender installed.

Does anyone have any tips or tricks on how to set this up?

Thanks in advance!

7 Replies

  • What version of LTM are you using, and what version of epsec? I had some issues with the one released last August, but when I updated to the one released in March, it fixed a lot of the issues. I say that because that should work.

    • DLP
      Ah sorry I should have mentioned that. We're running version 12.0 and the latest epsec 1.0.0-420.0. Doesn't work in this case though :(
    • Grayson_149410
      Have you checked the logs on the session and seen what it is returning? Try setting the AP logging to a higher level to see more details.
    • DLP
      Yes I did check the logs. I'm going to copy & paste that in a reply to my own question because it won't show up properly here in a direct comment to your Answer.
  • DLP
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.count;Session_Variable_Value=2;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.error;Session_Variable_Value=0;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.db_time;Session_Variable_Value=1459798252;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.db_version;Session_Variable_Value=1.217.613.0;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.engine_version;Session_Variable_Value=1.1.12603.0;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.errors;Session_Variable_Value=Failed to get 'last_scan'. code: -6 (Object not found) mId: 12 iId: 9
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.id;Session_Variable_Value=6009;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.name;Session_Variable_Value=Windows Defender;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.state;Session_Variable_Value=0;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.vendor_id;Session_Variable_Value=6;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.vendor_name;Session_Variable_Value=Microsoft Corp.;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.version;Session_Variable_Value=4.8.10240.16384;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.db_time;Session_Variable_Value=1459980000;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.db_version;Session_Variable_Value=13298 (20160407);
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.engine_version;Session_Variable_Value=1039 (20160219);
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.errors;Session_Variable_Value=Failed to get 'state'. code: -1 (General error) mId: 5 iId: 9
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.id;Session_Variable_Value=179009;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.name;Session_Variable_Value=ESET Endpoint Security;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.vendor_id;Session_Variable_Value=179;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.vendor_name;Session_Variable_Value=Eset Software;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.version;Session_Variable_Value=6.3.2016.0;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.result;Session_Variable_Value=0;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.sdk;Session_Variable_Value=3.6.10120.2;
    session.check_software./Common/windows_avandfw_act_av_check_ag.av.state;Session_Variable_Value=0;
  • DLP

    Anyone who can help me out with this issue? Any way to disable client-side checking for Windows Defender in Windows 10, or have it so that if a second AV product is installed that one gets preference or something?

  • Sorry, no answer, but the same issue with Windows 10 and Bitdefender Total Security 2018, and 12.1.3 in combination with epsec 602.
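
Added example (not part of the original thread and not F5 code): a small Python parser for the session-variable dump posted above. It groups the `av.item_N.*` values per product and reports, for each one, whether its `db_time` falls within 7 days and whether a `state` value was returned at all. The reference time `ASSUMED_NOW` and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Subset of the session variables posted in the thread above.
DUMP = """\
session.check_software./Common/windows_avandfw_act_av_check_ag.av.count;Session_Variable_Value=2;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.db_time;Session_Variable_Value=1459798252;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.errors;Session_Variable_Value=Failed to get 'last_scan'. code: -6 (Object not found) mId: 12 iId: 9
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.name;Session_Variable_Value=Windows Defender;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_1.state;Session_Variable_Value=0;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.db_time;Session_Variable_Value=1459980000;
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.errors;Session_Variable_Value=Failed to get 'state'. code: -1 (General error) mId: 5 iId: 9
session.check_software./Common/windows_avandfw_act_av_check_ag.av.item_2.name;Session_Variable_Value=ESET Endpoint Security;
"""

VAR_RE = re.compile(
    r"^\s*session\.check_software\.(?P<agent>.+?)\.av\."
    r"(?:item_(?P<idx>\d+)\.)?(?P<key>\w+);Session_Variable_Value=(?P<val>.*?);?\s*$"
)

ASSUMED_NOW = 1460030400  # assumption: 2016-04-07 12:00 UTC, the day of the post


def parse_dump(text):
    """Group av.item_N.* variables by item index; index 0 holds the summary keys."""
    items = defaultdict(dict)
    for line in text.splitlines():
        m = VAR_RE.match(line)
        if m:
            items[int(m["idx"] or 0)][m["key"]] = m["val"]
    return dict(items)


def summarize(items, now=ASSUMED_NOW, max_age_days=7):
    """Per product: are definitions newer than max_age_days, and was a state reported?"""
    report = {}
    for idx, fields in sorted(items.items()):
        if idx == 0 or "db_time" not in fields:
            continue
        age_days = (now - int(fields["db_time"])) / 86400
        report[fields["name"]] = {
            "age_days": round(age_days, 2),
            "fresh": 0 <= age_days <= max_age_days,
            "state": fields.get("state"),  # None when the agent could not read it
            "errors": fields.get("errors"),
        }
    return report


if __name__ == "__main__":
    for name, row in summarize(parse_dump(DUMP)).items():
        print(name, row)
```

On the posted dump, both products have definitions newer than 7 days; the two entries differ in `state`, which is `0` for Windows Defender and missing for ESET Endpoint Security.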