What is the ESAP Diagnostic Tool?
The ESAP diagnostic tool is a Windows-based log collection tool for Endpoint Security issues related to pre-defined Anti-Virus, Firewall and Anti-Spyware. This tool is designed to ease the process of log collection for ESAP related issues. The tool is ESAP version specific. Each ESAP release has a different version of OPSWAT SDK built into it, and hence this tool is also version specific for every ESAP release. Also note that this tool is built for V3 SDK, which means that it is only useful for issues on software versions PCS 7.2 / PPS 4.2 and above.
The tool is available for download at: my.pulsesecure.net
- Login to my.pulsesecure.net
- Click Licensing and Download Center
- From the top menu, click Downloads
- Under Browse My Software and Documentation, click Pulse Secure > Pulse Connect Secure or Pulse Policy Secure
- Click Endpoint Security Assessment Plug-in
- Click on the correspond ESAP release
- Click on the EULA agreement
- Click ps-esap-X.X.X-diag-tool.exe
Note: This tool is available only for collecting logs or verifying fixes for issues on PCS 7.2 / PPS 4.2 and above..
How do you use the ESAP Diagnostic Tool?
Copy the tool to the end-user system where you want to collect the logs for debugging ESAP related issues.
Run the tool.
- If you are running this tool to diagnose a problem with Agentless Host Checker, run as the current user.
- If you are running this tool to diagnose a problem with OAC or Pulse, run as administrator.
If you see the following prompt, click OK to confirm that you want to run OPSWAT’s OESISDiagnose tool.
Collect log file.
%AllUsersProfile%\Application Data\Juniper Networks\Logging\OpswatDiagnose<timestamp>.zip
Please note that Starting ESAP 2.8.6 the diagnostic tool for Windows places the collected log file on the Desktop and renames the file to .zi
This was done to facilitate easy retrieving of the file from the desktop location and easy transfer using email.
What does the ESAP Diagnostic Tool collect?
OESISDiagnose.log generated by
OESISDiagnose.exe shipped with the latest SDK or the one packaged in this tool when run against OPSWAT binaries in:
- HC install directory: This gets the
OESISDiagnose.exe is run against the OPSWAT dll’s that are packaged in the current running ESAP in the IVE (that is, the latest OPSWAT dll’s that were installed after the last Host Check). The tools collect logs for:
- Agentless Host Checker
- UAC Agentless Host Checker
- OAC TNC Client
- Pulse TNC Client Plugin
- Packaged OPSWAT SDK in the tool: The one packaged in the tool at the time it was built.
What are the Known issues and limitations?
- Host Checker’s installed version information (
- Information on currently installed ESAP where possible (
OESISDiagnose.exe issues a confirmation prompt (as shown below) whenever it is run:
While running the tool generated for ESAP 2.4.2 and above on a system which has DLLs from an ESAP older than 2.4.2 in Agentless Host Checker (HC), Odyssey Access Client HC or Pulse HC directory, the following error occurs (OESISDiagnose.exe - Entry Point Not Found) and the logs are not generated.
OESISDiagnose.exe from the corresponding older version is needed to generate the relevant log file.
For instructions on running ESAP Diagnostic Tool for Mac OS and collecting the logs on Windows Platform, refer to KB29633 - [Host Checker] Endpoint Security Assessment Plug-in (ESAP) Diagnostic Tool for PCS 7.2 / PPS 4.2 and above on Mac OS Platform