Bug ID 466325: Continuous policy checks on windows might fail incorrectly in some cases

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.6.2 HF1, 11.4.0, 11.4.1, 11.6.0, 11.6.1, 11.6.2, 11.6.3,,,,, 11.6.4, 11.6.5,,,, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF4, 11.5.1 HF5, 11.4.1 HF6

Opened: Jun 10, 2014

Severity: 3-Major

Related Article: K16692


If continuous software check (for antivirus, firewall and so on) is configured to ignore certain configurations (state, last scan time, and so on.) and any of these configurations changes on the client system, then continuous check kills the session. For example, if a continuous antivirus software check on server is configured to ignore the last scan time, for example, and if antivirus last scan time changes in the middle of the policy (or if a scan completes in the middle while in connection), then continuous software check kills the session. This happens because recurrent software check compares the entire result string of the antivirus check with the result string returned by the first check.


The impact of this issue is that continuous checks could kill the session.


This occurs when all of the following are true: 1. Software checks (Antivirus, Firewall, and so on), Windows File, or Windows Process are included in the access policy. 2. Continuous software check is enabled. 3. The client is a Windows-based system.


This issue has no workaround at this time.

Fix Information

Continuous policy checks now do not kill the session if a property that was configured to be ignored changes on the client side.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips