07-18-2025 10:53 AM
I am attempting to set up a dynamic access policy on ASA to check if a specific antivirus software is installed. We use "Sophos Intercept X" for endpoint security. I have not been successful yet in configuring a policy that checks if that specific antivirus is installed. I tried adding an endpoint attribute of the Anti-Malware type to the dynamic access policy with vendor "Sophos Limited" and product description "Sophos Endpoint Agent", since "Sophos Intercept X" is not in the list of available anti-malware software and it seemed to be closest; however, this did not recognize the antivirus. I think it might need to match "Sophos Intercept X", which is what is displayed as the installed antivirus in the Windows Security center on the client, but that is not available in the list on the ASA.
I was able to use a logical expression to check if ANY antivirus is installed with the following LUA script, which does work:
assert(function()
    for k,v in pairs(endpoint.av) do
        if (EVAL(v.exists, "EQ", "true", "string")) then
            return true
        end
    end
    return false
end)()
Is there any way that I can add a new antivirus to the ones that the ASA "knows about"? Or, is there a way I can use the LUA script to check for a specific antivirus by name? I have not been able to find any relevant documentation or examples of how this can be done.
07-18-2025 11:00 AM
This needs ISE posture
MHM
07-18-2025 01:57 PM
Thank you, I will look into whether or not this is something I want to implement.