https://community.checkpoint.com/t5/SASE-and-Remote-Access/SCV-Canonical-list-of-supported-detectable-anti-virus-clients/m-p/232700#M2823 <P>We've recently been looking at tightening up our SCV policy for BYOD devices running the standalone VPN client.</P> <P>Looking over the R81&nbsp;<SPAN>Remote Access VPN Administration Guide, there is mention of some clients that are supported, but it differs depending on which section you look at.</SPAN></P> <P><SPAN>For example, at the top of the section "Secure Configuration Verification - Advanced", it mentions this:</SPAN></P> <UL> <LI> <P><SPAN class="Menu_Options"><SPAN class="mc-variable Vars_BladesFeatures.tp_av variable">Anti-Virus</SPAN><SPAN>&nbsp;</SPAN>Monitor</SPAN><SPAN>&nbsp;</SPAN>- Verifies that an<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_BladesFeatures.tp_av variable">Anti-Virus</SPAN><SPAN>&nbsp;</SPAN>is running and checks its version. Supported: Norton, Trend Office Scan, and McAfee.</P> </LI> </UL> <P>But when you expand the Anti-Virus monitor section, it mentions this:</P> <TABLE class="TableStyle-TP_Table_Dark_Header_and_Pattern" cellspacing="0"> <TBODY> <TR class="TableStyle-TP_Table_Dark_Header_and_Pattern-Body-White_Background"> <TD class="TableStyle-TP_Table_Dark_Header_and_Pattern-BodyE-Column_Style-White_Background"> <P><CODE>Type ("av_type")</CODE></P> </TD> <TD class="TableStyle-TP_Table_Dark_Header_and_Pattern-BodyD-Column_Style-White_Background"> <P>Type of<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_BladesFeatures.tp_av variable">Anti-Virus</SPAN>. For example, "Norton", "VirusScan", "McAfee", "OfficeScan", or "ZoneLabs".</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>In the "local.scv" file itself this is obviously a free text field, but how free?&nbsp; How would we detect "Windows Defender" on a Windows machine, for example, and is that even possible?</P> <P>Howard</P> Thu, 14 Nov 2024 10:24:23 GMT Howard_Gyton 2024-11-14T10:24:23Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SCV-Canonical-list-of-supported-detectable-anti-virus-clients/m-p/232700#M2823 <P>We've recently been looking at tightening up our SCV policy for BYOD devices running the standalone VPN client.</P> <P>Looking over the R81&nbsp;<SPAN>Remote Access VPN Administration Guide, there is mention of some clients that are supported, but it differs depending on which section you look at.</SPAN></P> <P><SPAN>For example, at the top of the section "Secure Configuration Verification - Advanced", it mentions this:</SPAN></P> <UL> <LI> <P><SPAN class="Menu_Options"><SPAN class="mc-variable Vars_BladesFeatures.tp_av variable">Anti-Virus</SPAN><SPAN>&nbsp;</SPAN>Monitor</SPAN><SPAN>&nbsp;</SPAN>- Verifies that an<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_BladesFeatures.tp_av variable">Anti-Virus</SPAN><SPAN>&nbsp;</SPAN>is running and checks its version. Supported: Norton, Trend Office Scan, and McAfee.</P> </LI> </UL> <P>But when you expand the Anti-Virus monitor section, it mentions this:</P> <TABLE class="TableStyle-TP_Table_Dark_Header_and_Pattern" cellspacing="0"> <TBODY> <TR class="TableStyle-TP_Table_Dark_Header_and_Pattern-Body-White_Background"> <TD class="TableStyle-TP_Table_Dark_Header_and_Pattern-BodyE-Column_Style-White_Background"> <P><CODE>Type ("av_type")</CODE></P> </TD> <TD class="TableStyle-TP_Table_Dark_Header_and_Pattern-BodyD-Column_Style-White_Background"> <P>Type of<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_BladesFeatures.tp_av variable">Anti-Virus</SPAN>. For example, "Norton", "VirusScan", "McAfee", "OfficeScan", or "ZoneLabs".</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>In the "local.scv" file itself this is obviously a free text field, but how free?&nbsp; How would we detect "Windows Defender" on a Windows machine, for example, and is that even possible?</P> <P>Howard</P> Thu, 14 Nov 2024 10:24:23 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SCV-Canonical-list-of-supported-detectable-anti-virus-clients/m-p/232700#M2823 Howard_Gyton 2024-11-14T10:24:23Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SCV-Canonical-list-of-supported-detectable-anti-virus-clients/m-p/233026#M2824 <P>This AV check predates what is probably the better way to achieve this: using&nbsp; WindowsSecurityMonitor&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RemoteAccessVPN_AdminGuide/Content/Topics-VPNRG/Secure-Configuration-Verification.htm" target="_blank">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RemoteAccessVPN_AdminGuide/Content/Topics-VPNRG/Secure-Configuration-Verification.htm</A>&nbsp;<BR />With this, you can use any AV that Microsoft detects, which I assume would also include Defender <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR />The procedure for finding the exact name to use in SCV is here:&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RemoteAccessVPN_AdminGuide/Content/Topics-VPNRG/Secure-Configuration-Verification-Advanced.htm?tocpath=_____11" target="_blank">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RemoteAccessVPN_AdminGuide/Content/Topics-VPNRG/Secure-Configuration-Verification-Advanced.htm?tocpath=_____11</A>&nbsp;</P> Mon, 18 Nov 2024 16:08:31 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SCV-Canonical-list-of-supported-detectable-anti-virus-clients/m-p/233026#M2824 PhoneBoy 2024-11-18T16:08:31Z