Product Documentation

Advanced Endpoint Analysis Scans

Advanced End-point Analysis (EPA) is used for scanning user devices for endpoint security requirement configured on a NetScaler Gateway appliance. If a user device tries to access the NetScaler Gateway appliance, the device is scanned for security information, such as operating system, antivirus, web browser versions and so forth before an administrator can grant access to the NetScaler Gateway appliance.

The Advanced EPA scan is a policy-based scan that you can configure on a NetScaler Gateway appliance for pre-authentication and post-authentication sessions.  The policy performs a registry check on a user device and based on evaluation, the policy allows or denies access to the NetScaler network.

You can perform two types of EPA scan, OPSWAT scan and System scan. The following section explain the scan types and its details.

OPSWAT scan. The scan mechanism provides security at different levels such as:  

  • Product specific scan
  • Vendor specific scan
  • Generic scan

Product specific scan: You can configure scan criteria for a particular product (e.g. Avast! Free Antivirus) offered by a particular vendor (e.g. AVAST Software a.s.) for a category (e.g. Antivirus). The access is granted only to the computers fulfilling the specified criteria.**

Vendor specific scan: You can configure scan criteria for a particular vendor (e.g. AVAST Software a.s.) of a category (eg. Antivirus). The configured scan checks for the specified criteria across all the products offered by the vendor. The access is granted only to the computers fulfilling the specified criteria.

Generic scan: You can configure scan criteria for a particular category (eg. Antivirus). The configured scan checks for the specified criteria across all the vendors and the products offered by the vendors. The access is granted only to the computers fulfilling the specified criteria.

System Scan. The System scan provides security for system level attributes such as MAC address. You can configure scan criteria for a system attribute (e.g. MAC Address). The access is granted only to the computers fulfilling the specified criteria.

Advanced Endpoint Analysis Scans

In this article