Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.6.2 HF1, 11.4.0, 11.4.1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0, 11.6.0 HF4, 11.5.1 HF5, 11.4.1 HF6
Opened: Jun 10, 2014 Severity: 3-Major Related Article:
K16692
If continuous software check (for antivirus, firewall and so on) is configured to ignore certain configurations (state, last scan time, and so on.) and any of these configurations changes on the client system, then continuous check kills the session. For example, if a continuous antivirus software check on server is configured to ignore the last scan time, for example, and if antivirus last scan time changes in the middle of the policy (or if a scan completes in the middle while in connection), then continuous software check kills the session. This happens because recurrent software check compares the entire result string of the antivirus check with the result string returned by the first check.
The impact of this issue is that continuous checks could kill the session.
This occurs when all of the following are true: 1. Software checks (Antivirus, Firewall, and so on), Windows File, or Windows Process are included in the access policy. 2. Continuous software check is enabled. 3. The client is a Windows-based system.
This issue has no workaround at this time.
Continuous policy checks now do not kill the session if a property that was configured to be ignored changes on the client side.