Endpoint AV failures

Question

Hi 
&nbsp;  
&nbsp; We're having problems with endpoint security within Firepass. 
&nbsp;  
&nbsp; Firepass v6.0.3 
&nbsp;  
&nbsp; Client: 
&nbsp;  Vista 
&nbsp;  Avira AntiVir 
&nbsp;  
&nbsp; Using the default AV Check the client falls through to fallback. I've placed a write to logon log on the fallback path with: 
&nbsp;    monitor: %session.av.summary.monitor% 
&nbsp;    count: %session.av.summary.count% 
&nbsp;  
&nbsp; The output into the logs is: 
&nbsp;    
&nbsp; pre-logon:  monitor: 0 
&nbsp;                 count: 0 
&nbsp;  
&nbsp; So it would appear the AV check isn't detecting the AV software on the client.  
&nbsp;  
&nbsp; Any advise would be appreciated.

victors_96310 · Answer

Try this for your AV rule: 
&nbsp; (session.av.summary.monitor &gt;= 1) AND (NOT(EXIST(session.av_scan.infected) AND (session.av_scan.infected != 0))) 
&nbsp;  
&nbsp; And try this for your logger: 
&nbsp; Antivirus: %session.detected_av.av_1.name%,  
&nbsp; %session.detected_av.av_1.monitor%, 
&nbsp;   
&nbsp; Antivirus2: %session.detected_av.av_2.name%,  
&nbsp; %session.detected_av.av_2.monitor%,

mike_61719 · Answer

It is an Opswat issue, install the latest version. You will have issues with Opswat and the engine versions of software, best case is to install an AV solution that rarely changes versions.

Forum Discussion

Endpoint AV failures

2 Replies

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Apache Airflow Unsafe API Endpoint

Cisco ACI Endpoint Learning with a BIG-IP HA Failover

Using VPC Endpoints with Cloud Failover Extension

Zero Trust building blocks - Leverage Microsoft Intune endpoint Compliance with F5 BIG-IP APM Access

Monitoring Failure OAuth request