F5 endpoint inspector issue with OSX 10.15.7

Question

Hello!While tuning APM Access Policy I faced with some misunderstanding in how OPSWAT OESIS framework is used by F5 endpoint inspector. A client running 10.15.7 OSX was denied to access web app due to Patch Management OS check failure. Could somebody clearify a little how to understand what exactly F5 Endpoint inspector checks at the stage of checking the OS for patch management and antivirus. Does it inquire the embedded OS subsystem responsible for updates and receives responce from this subsystem if everything is ok or not, or does F5 endpoint inspector checks specific system files on the client machine to determine current version number of OS/AV running? It is also interesting where does F5 endpoint inspector gets the latest MacOS version from - are some OPSWAT servers engaged, etc., from which host the request is issued in this case - F5 or the node itself that is being checked? What if there is no access to the Internet from any of the devices. Really appreciate your help.

boneyard · Answer

i have always understood it as that the F5 endpoint inspector contains the OPSWAT code to check for such things. so it doesnt look at file or such for this. it is the OPSWAT inspection code that does this on the client.

you can update the OPSWAT information on the BIG-IP, do that here: System > Software Management > Antivirus Check Updates.

see also: https://support.f5.com/csp/article/K48955220

Forum Discussion

F5 endpoint inspector issue with OSX 10.15.7

1 Reply

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

Apache Airflow Unsafe API Endpoint

Cisco ACI Endpoint Learning with a BIG-IP HA Failover

Using VPC Endpoints with Cloud Failover Extension

Zero Trust building blocks - Leverage Microsoft Intune endpoint Compliance with F5 BIG-IP APM Access

IPSec Tunnel Endpoint iApp