Error: "Invalid rule" Reported When Creating NetScaler Gateway Pre-Authentication Policy for 64-Bit Computers

Error: "Invalid rule" Reported When Creating NetScaler Gateway Pre-Authentication Policy for 64-Bit Computers

book

Article ID: CTX127600

calendar_today

Updated On:

Description

When creating a preauthentication policy to scan a client device for the existence of a file, NetScaler Gateway reports an "Invalid rule" error.

Example: On a Windows 7 32-bit operating system, an antivirus ".dat" file is situated in the folder:
"С:\Program Files\Common Files\McAfee\Engine\"
The corresponding pre-authentication policy to locate the file is:
CLIENT.FILE('C:\\\\Program\\Files\\\\Common\\Files\\\\McAfee\\\\Engine\\\\avvscan.dat).TIMESTAMP == 3dy

On a Windows 7 64-bit operating system, an antivirus ".dat" file is situated in the folder:
"С:\Program Files (x86)\Common Files\McAfee\Engine\"

Resolution

Use MS DOS short name for the folder, to resolve this issue.

Browse to the directory and run the command dir /x from the command prompt of the client, to locate MS DOS short names. Notice from the following screen shot, the MS DOS short name for Program Files (x86) is “PROGRA~2”.

User-added image

So the corresponding preauthentication policy expression is:
CLIENT.FILE('C:\\\\Progra~2\\\\Common\\ Files\\\\McAfee\\\\Engine\\\\avvscan.dat’).TIMESTAMP == 3dy

Problem Cause

Currently NetScaler Gateway does not have the capability to handle parentheses "()" in the body of an expression. In this case "(x86)" is part of the expression which represents the location of the programs folder in a 64-bit client and this is causing the issue.

Issue/Introduction

"Invalid rule" error reported when creating an Access Gateway Enterprise Edition pre-authentication policy for 64-bit computers.
Powered by Wolken Software