KB40996 - How to troubleshoot ESAP related Predefined Antivirus Host Checker policy issues


Information

 
Last Modified Date: 6/14/2018 10:46 AM
Synopsis
This article describes how to troubleshoot ESAP related Predefined Antivirus Host Checker policy issues.
Problem or Goal
How to determine why a user fails authentication due to a failed Predefined Antivirus Host Checker policy.
Cause
The reason a client fails a Predefined Antivirus Host Checker policy depends on what the configured policy checks for and what Host Checker reports.

The Endpoint Security Assessment Plug-In (ESAP) package installed on the PCS/PPS includes SDKs from OPSWAT to detect Antivirus products and associated information.  Host Checker downloads these in a file named UnifiedSDK.zip, extracts them, performs the required Antivirus checks, and communicates the results of checking back to the PCS/PPS.

If the client does not pass and the Host Checker policy is enforced, the user is notified, and an optional remediation action and/or message can be displayed.

If the user is not able to remediate the problem, they will need to contact the administrator for help in resolving the security issue. This guide aims to assist administrators with this process by describing what data to collect and supply when opening a Support case with Pulse Secure.
Solution

Recommended Prerequisites

     1. HC_AV_and_Patches 
         Reasons: Symantec Hosted Endpoint Protection 3.00.10.2737 does not comply with policy.  Compliance requires latest virus definitions.
  • Check whether the antivirus product meets the requirements of the Host Checker policy, such as whether it has recently updated virus definitions, whether the antivirus product is running with Real Time Protection (RTP) enabled, and/or whether a system scan was performed recently, and remediate any deficiencies.
  • Ask the user for the antivirus product and version, with screenshots if possible, and reference the List of Supported Products for the ESAP version to see what can be checked and whether the evaluation methods require any specific permissions.
  • Check the latest ESAP Release Notes and Supported Products in case support was added or a problem was fixed for the reported antivirus version.
 

Data collection for Support

  • If Host Checker still fails after remediation attempts and the product and/or version is not listed as supported, generate ESAP diagnostic output and open a case requesting that support be added in a future ESAP release. Include the ESAP diagnostic output and screenshots of the antivirus product and version.
  • If the antivirus product and version are supported, the required permissions for the evaluation methods are met, and the product is compliant with the configured checks, gather the following data, open a case, and attach the data.
  1. Is this for all users with a certain antivirus product and version or do some pass?   Is there anything common about the set of affected users e.g. certain OS and/or patches; non-admin users; they have other Antivirus products installed?
  2. Screenshots of any error messages.  
  3. Screenshots of the Antivirus product about page.
  4. Access log entries for the user's connection attempt captured in the client debuglog.
  5. ESAP diagnostic output generated after the failed host checker attempt.
 
  • For the client debuglog, if Pulse is used, set detailed level logging in the client via File > Logs > Log Level and then attempt to connect. Once the Host Checker failure message is displayed, save the client log file from the Pulse client.
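
To help answer item 1 above (whether the failure affects every user with a given antivirus product and version), the following added example, which is not Pulse Secure code, groups collected failure reasons by product, version and unmet requirement. It assumes the administrator has gathered (user, reason text) pairs by hand; only the "Reasons:" sentence shape comes from this article, and the user names, the ExampleAV product and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Sentence shape quoted in this article:
#   "Reasons: <product> <version> does not comply with policy.  Compliance requires <requirement>."
REASON_RE = re.compile(
    r"Reasons:\s*(?P<product>.+?)\s+(?P<version>\d+(?:\.\d+)+)\s+"
    r"does not comply with policy\.\s*Compliance requires\s+(?P<requirement>.+?)\.?\s*$"
)

def parse_reason(text):
    """Return (product, version, requirement), or None if the text has another shape."""
    m = REASON_RE.search(text.strip())
    return (m["product"], m["version"], m["requirement"]) if m else None

def group_failures(records):
    """Group users by parsed reason; keep unparsed text for manual review."""
    groups, unparsed = defaultdict(set), []
    for user, text in records:
        parsed = parse_reason(text)
        if parsed:
            groups[parsed].add(user)
        else:
            unparsed.append((user, text))
    return dict(groups), unparsed

# The reason text shown earlier in this article.
PAGE_REASON = ("Reasons: Symantec Hosted Endpoint Protection 3.00.10.2737 does not "
               "comply with policy.  Compliance requires latest virus definitions.")

# Constructed sample input: user names and ExampleAV are placeholders.
SAMPLE = [
    ("user1", PAGE_REASON),
    ("user2", PAGE_REASON),
    ("user3", "Reasons: ExampleAV 1.2.3 does not comply with policy.  "
              "Compliance requires latest virus definitions."),
    ("user4", "Host Checker policy failed"),  # no parsable reason; flagged for review
]

if __name__ == "__main__":
    groups, unparsed = group_failures(SAMPLE)
    for (product, version, req), users in sorted(groups.items()):
        print(f"{product} {version}: requires {req}: {len(users)} user(s) {sorted(users)}")
    for user, text in unparsed:
        print(f"review manually: {user}: {text!r}")
```

A group containing many users on one product and version points at the ESAP detection for that version, while a single affected user points at that endpoint's state.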

 
Related Links
Attachment 1 
Created By: Matthew Spiers
