Bug ID 553063: Epsec version rolls back to previous version on a reboot

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
13.0.0, 12.1.0, 11.6.1, 11.5.4 HF3

Opened: Oct 16, 2015
Severity: 3-Major
Related AskF5 Article:


If administrator has installed multiple EPSEC packages, after a reboot the EPSEC version rolls back to the previously installed version.


OPSWAT version rolls back without prompting or logging. This might open up the end-point security issues that are supposed to be fixed by the latest installed OPSWAT package.


The BIG-IP system needs to be rebooted for this issue to be seen, and multiple EPSEC packages must have been installed on the system before the reboot.


The workaround is to upload a dummy file in Sandbox. 1. Go to Access Policy :: Hosted Content :: Manage Files. 2. Upload any dummy file, even a 0 byte file. Change the security level to 'session'. After this change, even if you reboot or shutdown-restart, the EPSEC version does not revert.

Fix Information

The most recently installed EPSEC version now remains configured, and does not roll back after reboot or shutdown-restart.

Behavior Change