LUA script to check for no antivirus on PC for DAP policy

carl_townshend
Spotlight

Hi All

I am looking at doing hostscan on my FTD to ensure that people who connect to my RA VPN get terminated if they do not have any antivirus software installed. You cannot do it the normal way by checking attributes, it appears, as you cannot put "any" AV or check if something is NOT there.

I have seen some examples online for LUA scripts but none seem to work.

Has anyone got a LUA script they can show me that works, that I can use on our FTD to check for no AV when assigning a DAP policy?

Many thanks

1 Reply

Mark Ftc
Level 1

I'm not sure about LUA - but there might be a way to achieve your desired outcome under the regular DAP criteria. I have not tested this out to verify legitimacy.

1: Create your DAP policy with your first record (lowest priority value) set to 'terminate'. This will be the DAP record that will be evaluated first, and it will have the endpoint criteria set in a way to only trigger if no detectable Anti-malware/Anti-virus is installed on the endpoint. Any other DAP records you want can be configured with a higher priority value and will be evaluated after this first record. [View the screenshots "DAP-Question-DAP-Policy-Structure" and "DAP-Question-Record-Creation"]

2: Under the "Endpoint Criteria" section set the 'Match criteria' to 'All' and then start going through the list of all available/detectable Anti-malware/Anti-virus software and add them to your criteria. If your goal is to reject connections if no Anti-virus software is installed, then you will have to configure your DAP record to check the endpoint for all hostscan-detectable Anti-virus software and verify they are not installed. This will probably be pretty tedious to configure as there are a bunch of vendors/software detectable in this section. When you are adding a new vendor/software to this list, you will need to make sure the 'installed' box is not checked and no other defining criteria is set (like version number or update time frame values). [View the screenshots "DAP-Question-Endpoint-Criteria-Policy" and "DAP-Question-Endpoint-Criteria-Record"]

Once configured, this DAP record will only trigger after it has checked the endpoint for all detectable Anti-malware/Anti-virus software and verified none of them are installed. At which point your 'terminate' action will kick in and the endpoint will not establish a VPN connection.

Typically the hostscan criteria are more targeted than this, and I'm not sure if this will cause a long delay in VPN connection establishment as so many endpoint criteria are being evaluated. Or it's possible other oddities/quirks may arise with a long list of endpoint criteria. Let me know if you end up testing this - I'm interested in hearing the result.
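For the script-based route the original poster asked about, here is a Lua expression in the shape of the DAP "advanced" endpoint criteria that Cisco documents, added here as an example and not posted by either participant. It assumes the DAP Lua environment exposes `endpoint.av` (HostScan 3.x antivirus) and/or `endpoint.am` (HostScan 4.x antimalware) as tables keyed by product name with a per-product `exists` field, plus the documented `EVAL(value, op, expected, type)` helper; it has not been tested on FTD.

```lua
-- Added example, not from the thread. Assumed interface: endpoint.av / endpoint.am
-- tables of detected products, each with an "exists" field, and the EVAL helper.
-- Attach this to the 'terminate' DAP record: it returns true only when no
-- antivirus/antimalware product is reported as installed, so only endpoints
-- with nothing detected match the terminate record.
assert(function()
  -- Walk both category names so the check works whichever one HostScan fills in.
  for _, category in ipairs({ "av", "am" }) do
    local products = endpoint[category]
    if type(products) == "table" then
      for _, product in pairs(products) do
        -- Any product reporting exists == "true" means protection is present.
        if EVAL(product.exists, "EQ", "true", "string") then
          return false   -- do not terminate this session
        end
      end
    end
  end
  return true            -- nothing detected: terminate record matches
end)()
```

An absent or empty table is treated as "nothing detected", which is the desired outcome for the terminate record but means a HostScan version that names the tables differently would terminate everyone; test against your HostScan version with a known-good endpoint before enforcing it.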