Document Actions
7.6. Antivirus Verification
Starting with ThinLinc 1.4.1, antivirus verification is possible. The client can be configured not to allow login if a local antivirus software is not installed or up to date. Additionally, the client reports the antivirus status to the server, which can also enforce antivirus protection. The section below describes the client configuration. The server configuration is described in Section 14.5, “ Verifying Client Antivirus software ”.
Note:
Antivirus verification is only available for systems which supports the Security Center (available on Windows XP with Service Pack 2 and later), running the native Windows ThinLinc client. Additionally, the antivirus software must provide a WMI (Windows Management Instrumentation) interface.
When the client starts, it determines the system antivirus security level. The security levels are defined as:
-1: The antivirus status could not be determined. This might be caused by a system error, but will also occur if the client is running on a system which does not support the Security Center. With the server side verification, this level could also indicate that the connecting client does not support antivirus verification.
0: No antivirus software is installed or activated.
1: An active antirvirus software was found, but it is not up to date.
2: An active and up to date antivirus software was found.
The configuration of the antivirus verification cannot be done via the GUI. It is necessary to set the configuration parameters via a registry editor. Two parameters controls the antivirus verification. Both are of the type DWORD and located in the registry key Software\Cendio\ThinLinc\tlclient , either in the HKCU or HKLM Hive.
- ANTIVIRUS_SECURITY_LEVEL
This parameter defines the enforced security level. If the current system antivirus security level is less than the value of this parameter, login will not be allowed. To completely disable antivirus verification, set this parameter to -1.
- ANTIVIRUS_ALLOW_UNCHECKED
As a special case, if the current system antivirus security level is -1 (the antivirus status could not be determined) and this parameter is true, login is allowed. Set this parameter to true if login should be allowed on systems without Security Center (even when ANTIVIRUS_SECURITY_LEVEL is greater than -1), such as Windows 2000.