We have a few questions about how this assertion works that are not answered in the help documentation.
1. Is there logging that can be turned up to see the actual request sent to the AV software by this assertion and the response returned by the AV software?
2. Does this assertion fully support the REQMOD function thereby if the AV software returns a modified request the assertion replaces the original request with the modified request before allowing the policy to continue?
3. If the AV software returns a 403 - Forbidden does the assertion fail with that as the error code or does it simply fail and require the calling policy to have set a custom error response to return the 403 - Forbidden?
Hi. Those are good questions. I'll see if I can find anything.
This is what I've been able to find out from the Engineering team: