Product Documentation

Configuring Advanced Endpoint Analysis Scans

You can configure two types of EPA scan, OPSWAT scan and System scan.

Configuring OPSWAT Scan

The following OPSWAT scans are configured on a NetScaler Gateway appliance.

  • Product specific scan
  • Vendor specific scan
  • Generic scan

Note: Scans that are supported by a particular product get displayed in the GUI. Also, the following OPSWAT scan configuration takes pre-authentication EPA as an example. OPSWAT scan can be configured for post-authentication EPA as well.

Configuring Product specific OPSWAT Scan

To use the NetScaler GUI to configure product specific OPSWAT scan:

  1. Navigate to Configuration> Citrix NetScaler> Global Settings.

  2. On the Global Settings page, click Change Preauthentication settings link.

  3. On the Configure AAA Preauthentication Parameter page, click OPSWAT EPA Editor link.

  4. Under Expression Editor area, select the operating system.

    localized image

  5. Select the category, for example Antivirus.

    localized image

  6. Select the vendor, for example AVAST Software a.s.

    localized image

  7. Select the product, for example Avast! Free Antivirus.

    localized image

  8. Click + next to the product drop-down menu to configure the product scan.

    localized image

  9. Optionally enter a value for frequency of scan if you want a periodic scan.

    localized image

Configuring Vendor specific OPSWAT Scan

To use the NetScaler GUI to configure Vendor specific OPSWAT scan:

  1. Navigate to Configuration> Citrix NetScaler> Global Settings.

  2. On the Global Settings page, click Change Preauthentication settings link.

  3. On the Configure AAA Preauthentication Parameter page, click OPSWAT EPA Editor link.

  4. Under Expression Editor area, select the operating system.

    localized image

  5. Select the category, for example Antivirus.

    localized image

  6. Select the vendor, for example AVAST Software a.s.

    localized image

  7. Select Generic ‘AVAST Software a.s’ Scan vendor specific scan.

    localized image

  8. Click + next to the product drop-down menu to configure your scan.

    localized image

  9. Optionally enter a value for frequency of scan if you want a periodic scan.

    localized image

Configuring Generic OPSWAT Scan

To use the NetScaler GUI to configure Generic OPSWAT scan:

  1. Navigate to Configuration> Citrix NetScaler> Global Settings.

  2. On the Global Settings page, click Change Preauthentication settings link.

  3. On the Configure AAA Preauthentication Parameter page, click OPSWAT EPA Editor link.

  4. Under Expression Editor area, select the operating system.

    localized image

  5. Select the category, for example Antivirus.

    localized image

  6. Select “Generic” category specific scan, for example Generic Antivirus Product Scan.

    localized image

  7. Click + next to the product drop-down menu to configure your scan.

    localized image

  8. Optionally enter a value for the frequency of the scan if you want a periodic scan.

    localized image

Configuring System Scan

The following system scans are configured on a NetScaler Gateway appliance.

  • MAC Address
  • Domain Check
  • Numeric Registry
  • Non-numeric Registry
  • Windows Update

To use the NetScaler GUI to configure OPSWAT System scan:

  1. Navigate to Configuration> Citrix NetScaler> Global Settings.

  2. On the Global Settings page, click Change Preauthentication settings link.

  3. On the Configure AAA Preauthentication Parameter page, click OPSWAT EPA Editor link.

  4. Under Expression Editor area, select the operating system.

    localized image

  5. Select the desired system scan from the dropdown menu. For example, MAC Address.

    localized image

  6. Click on the + next to the product drop-down menu to configure your scan.

    localized image

  7. Optionally enter a value for the frequency of the scan if you want a periodic scan.

    localized image

Upgrade EPA libraries

To use the NetScaler GUI to upgrade EPA libraries:

  1. Navigate to Configuration> Citrix NetScaler> Update Client Components.

  2. Under Update Client Components, click Upgrade EPA Libraries link.

  3. Choose the required file and click Upgrade.

For the list of Windows and MAC Supported applications by OPSWAT for NetScaler scans click  https://support.citrix.com/article/CTX207623.

To configure a preauthentication profile using Advanced Endpoint Analysis expressions

  1. In the configuration utility, in the navigation pane, expand the NetScaler Gateway node, and then the Policies subnode.
  2. Select Preauthentication.
  3. In the details pane, on the Profiles tab, click Add.
  4. Enter a name for the profile.
  5. Select an action.
  6. Optionally, enter the names of any processes to be stopped or files to be deleted on the client endpoint system.
  7. Click Create.

Your profile is now available for use in a preauthentication policy as a Request Action

To configure a preauthentication policy using Advanced Endpoint Analysis expressions

  1. In the configuration utility, in the navigation pane, expand the NetScaler Gateway node, and then the Policies subnode.
  2. Select Preauthentication.
  3. In the details pane, on the Policies tab, click Add.
  4. Enter a name for the policy.
  5. From the Request Action menu, select the desired profile.
  6. In the Expression pane, select OPSWAT EPA Editor.
  7. In the first pull down menu, select a client operating system.
  8. In the second pull down menu that appears, select a scan type. 
  9. When you finish building the policy, click Create.

You must bind your Advanced Endpoint Analysis preauthentication policy to enable it.

To bind a preauthentication policy

  1. In the configuration utility, in the navigation pane, expand the NetScaler Gateway node, and then the Policies subnode.
  2. Select Preauthentication.
  3. In the details pane, on the Policies tab, click Add.
  4. From the Action menu, select Global Bindings.
  5. Click Bind.
  6. In the Policies detail pane that appears, select the check box next to the desired policy.
  7. Click Insert.
  8. The policy is automatically assigned a priority (weight). Click the Priority entry to edit as needed.
  9. Click OK to bind the policy.

To configure an Advanced Endpoint Analysis policy for specific sessions

  1. In the configuration utility, in the navigation pane, expand the NetScaler Gateway node, and then the Policies subnode.
  2. Select Session.
  3. In the details pane, on the Policies tab, click Add.
  4. Enter a name for the policy.
  5. In the Action menu, do one of the following:
    • a. Select an existing action.
    • b. Click the plus icon to display the configuration parameters that can be set by the session policy. Click the Override Global check box to the right of a configuration option to activate it. Select Create.
  6. In the Expression pane, select OPSWAT EPA Editor.
  7. In the first pull down menu, select a client operating system.
  8. In the second pull down menu that appears, select a scan type.
  9. When you finish building the policy, click Create.

You must bind your Advanced Endpoint Analysis session policy to enable it.

To bind a session policy

  1. In the configuration utility, in the navigation pane, expand the NetScaler Gateway node, and then the Policies subnode.
  2. Select Session.
  3. In the details pane, on the Policies tab, click Add.
  4. From the Action menu, select Global Bindings.
  5. Click Bind.
  6. In the Policies detail pane that appears, select the check box next to the desired policy.
  7. Click Insert.
  8. The policy is automatically assigned a priority (weight). Click the Priority entry to edit as needed.
  9. Click OK to bind the policy.

Configuring Advanced Endpoint Analysis Scans