EPA scan expression not detecting VIRDEF-FILE-TIME in Windows Defender

book

calendar_today

EPA scan fails for expression: CLIENT.APPLICATION('ANTIVIR_0_0_VIRDEF-FILE-TIME_<=_7200[COMMENT: Generic Antivirus Product Scan]') EXISTS

With the latest 12.0.57.9 and v4 OPSWAT we are failing on the check for "VIRDEF-FILE-TIME"

Expression used for Pre-Auth " CLIENT.APPLICATION('ANTIVIR_0_0_VIRDEF-FILE-TIME_<=_7200[COMMENT: Generic Antivirus Product Scan]') EXISTS"

I have McAfee anti-virus and just updated so this above condition should have matched and we should have had access but it failed and denied.

epaHelper_epa_plugin.txt

=========================

EPA library log file

Version: 1,1,2,0

Date: 03/14/2018

Time: 14:41:49

=========================

14:41:49.362 Validating cached epaPackage directory. Path C:\Users\anilsa\AppData\Local\Citrix\AGEE\epaPackage\

14:41:49.362 setConfig got called with allowLogging 1 and configString lang=en

14:41:49.362

--------------------- Scan--------------------------------

14:41:49.362 Successfully parsed tokens

14:41:52.559 Opswat lib init is successful

14:41:52.562 Loaded product name file

14:41:52.858 Found a product with product ID 362 and vendor ID 90

14:41:52.859 Found a product with product ID 519 and vendor ID 379

14:41:52.864 scan failed because (null) defination is not updated

14:41:52.889 scan failed because (null) defination is not updated

14:41:52.889 Lang ID: en

14:41:52.889 Scan 'ANTIVIR_0_0_VIRDEF-FILE-TIME_<=_7200' failed for method 'VIRDEF-FILE-TIME'

14:41:52.949 Collected error messages from EPA lib

14:41:54.483 Doing Cleanup

ideally the time check option doesnt work so if you make the option greater than something like below:

VIRDEF-FILE-TIME_>_1

it should work fine

issue was identified as 706237 fix will be available in updated EPA libraries 1.1.2.0 upwards(not inclusive)

epa scan fails with "VIRDEF-FILE-TIME" as this is correctly checked

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"