From the endpoint, you can run the following CLI command in a shell on a Windows, macOS, or Linux device:

sdwan-client-cli --posture 

The output of this command displays Antivirus programs that are detected on the endpoint. In the example below, the Windows Defender Antivirus program has been detected.

If the user turns off their Antivirus protection, the SD-WAN Client app will detect this change in posture.

The user cannot access resources because their endpoint is not compliant with the Antivirus policy. The Orchestrator logs the connection attempts and the reason for blocking, which is the Context policy.

You can hover over each entry to get more details on the connection log. For an entry marked Connection Blocked by Context, you are shown:

| Option | Description |
| --- | --- |
| Connection | The type of traffic the source initiated towards the destination. |
| OS | The endpoint’s OS. |
| Location | The geographic location of the user. |
| Antivirus | The detected AV program running on the system. |
| Screen Saver | Whether a screensaver password is set with a timeout. |

Once the Antivirus is reactivated and is shown as in compliance, the user’s access to the network is restored.