The Netscaler advanced Endpoint Analysis checks are quite literally only available with version 10.1.120.1316.e. It doesn't mean this version and greater, just this specific version. So if you are after the funky Advanced EPA scanning and can't enable it or find it anywhere: 1) you have to run this version, 10.1.120.1316.e, of the Netscaler firmware 2) you […]
My (non-exhaustive) list of helpful Netscaler session policy expressions for EPA.

SCAN REGISTRY (Advanced free-form)
CLIENT.REG('HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters_Domain').VALUE == domain.local
CLIENT.REG('HKEY_LOCAL_MACHINE_64\\SOFTWARE\\McAfee\\AVEngine_AVDatVersion').VALUE == 6198.
CLIENT.REG('HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\AVEngine_AVDatVersion').VALUE == 6198.

CHECK FOR FILE EXISTENCE
CLIENT.FILE('C:\\WindowsCompany_Laptop.txt')

CHECK FOR RUNNING PROCESS
CLIENT.APPLICATION.PROCESS(firewall.exe) EXISTS

CHECK OS VERSION (Match any expression)
CLIENT.OS(winxp).SP == 2
CLIENT.OS(win7) EXISTS

DETECT (or not) CITRIX RECEIVER (Match any)
REQ.HTTP.HEADER […]