Reasons: Symantec Hosted Endpoint Protection 3.00.10.2737 does not comply with policy. Compliance requires latest virus definitions.
- Check if the antivirus product meets the requirements of the host Checker policy, such as whether it has recently updated virus definitions, that the antivirus product is running and Real time Protection (RTP) enabled, and/or if a system scan was performed recently and remediate any deficiencies.
- Ask the user what the Antivirus product and version, supplying screenshots if possible and reference the List of Supported Products for ESAP version to see what can be checked and if requires any specific permissions for the evaluation methods.
- Check the latest ESAP Release Notes and Supported Products in case support was added or a problem fixed for reported antivirus version.
Data collection for Support
- If Host checker still fails after remediation attempts, if the product and/or version is not listed as supported then generate ESAP diagnostic output and open a case requesting support be added in a future ESAP release, including the ESAP diagnostic output and screenshots of the Antivirus product and version.
- If the Antivirus product and version are supported, the required permissions for the evaluation methods are met, and the product is compliant with the configured checks then gather the following data and open a case and attach the data.
- Is this for all users with a certain antivirus product and version or do some pass? Is there anything common about the set of affected users e.g. certain OS and/or patches; non-admin users; they have other Antivirus products installed?
- Screenshots of any error messages.
- Screenshots of the Antivirus product about page.
- Access log entries for the users connection attempt captured in the client deubglog.
- ESAP diagnostic output generated after the failed host checker attempt.
- For the client debuglog, if Pulse is used then set detailed level logging in the client via File > Logs > Log Level and then attempt to connect. Once the Host Checker failure message is displayed save the client log file from the Pulse client.