Reset Search
 

 

Article

KB43608 - Host Checker is taking longer than normal to complete the compliance check with ESAP 3.1.7 and ESAP 3.1.8

« Go Back

Information

 
Last Modified Date1/18/2018 1:14 AM
Synopsis
This article describes an issue where Host Checker is taking anywhere from one minute to several minutes to complete the compliance check while evaluating pre-defined Antivirus, Firewall and HD Encryption rules with ESAP 3.1.7 and ESAP 3.1.8 with v3 SDK's enabled.
Problem or Goal
After upgrading the ESAP package on the PCS device to ESAP 3.1.7 or ESAP 3.1.8 with v3 SDK's enabled, users report that they are waiting anywhere from one minute to several minutes for the Host Checker compliance check to complete when prior to upgrading the ESAP package, the Host Checker compliance check took 10 seconds or less. 

This issue is seen under the following conditions:
  • ESAP 3.1.7 or 3.1.8 is being used as the active ESAP package on the device.
  • Host Checker is configured for V3 SDK's* as follows:
Go to Authentication > Endpoint Security > Host Checker and scroll to the bottom of the page to the section Manage Endpoint Security Assessment Plugin Versions.  Check the setting to Activate Older Opswat SDK in ESAP for Host Checker policy evaluation.  If the option is checked, as per the screenshot below, then V3 SDK's are in use.  If the option is unchecked then V4 SDK's are in use. 

User-added image
  • Host Checker policies are defined with predefined rules configured for Antivirus, Firewall, and/or HD Encryption products.
  • Affects Windows 7, 8 and 10 OS versions.  
  • Affects both Pulse and Web browser Host Checker deployments.  (Host Checker with Pulse seems to take longer than Web browser.)
  • Affects both realm and role configurations, depending on where Host Checker is enforced.  
  • Host Checker runs and stays at "Checking Compliance" stage for a minute or more.
*See KB40318 - Impact / Changes between V3 and V4 OPSWAT SDK for more details.

 
Cause
During the compliance check, it is taking several seconds for OPSWAT v3 SDK's to collect the Antivirus, Firewall and/or HD Encryption info on the client with ESAP 3.1.7 and 3.1.8.

The delay can be seen in the Pulse client-side debuglog.log by checking the time it takes for the following events:  (Time Taken is expressed in milliseconds).
 
SYSTEM PulseSecureService.exe OpswatIMC p7432 t1D48 opsantivirusclient.cpp:223 - 'OpswatImcColData' Result of Antivirus API calls (Successfully called: FindInstalledProducts : Time Taken:11599.2, Successfully called: GetProductName : Time Taken:0.75705, Successfully called: GetProductVendor : Time Taken:0.922501 Call failed: GetLastFullScanTime : Time Taken:3322.32 : Error Code: ORC_ERR_NOT_FOUND: Error Desc : Object not found)
SYSTEM PulseSecureService.exe OpswatIMC p7432 t1D48 opsantivirusclient.cpp:227 - 'OpswatImcColData' Result of Antivirus data to monitor (Successfully called: CheckRTPState : Time Taken:5.08751, Successfully called: GetDataFileTime : Time Taken:1.67011, Successfully called: GetDataFileVersion : Time Taken:7.14312, Call failed: GetDataFileSignatures : Time Taken:0.881446 : Error Code: ORC_ERR_NOTSUPPORTED: Error Desc : Not supported, Successfully called: IsUpdateInProgress : Time Taken:295.245, Successfully called: IsFullScanInProgress : Time Taken:200.942)
SYSTEM PulseSecureService.exe OpswatIMC p7432 t1D48 opsantivirusclient.cpp:223 - 'OpswatImcColData' Result of Antivirus API calls (Successfully called: FindInstalledProducts : Time Taken:11599.2, Successfully called: GetProductName : Time Taken:0.626496, Successfully called: GetProductVendor : Time Taken:1.16965 Successfully called: GetLastFullScanTime : Time Taken:102.389)
SYSTEM PulseSecureService.exe OpswatIMC p7432 t1D48 opsantivirusclient.cpp:227 - 'OpswatImcColData' Result of Antivirus data to monitor (Call failed: CheckRTPState : Time Taken:0.5994 : , Successfully called: GetDataFileTime : Time Taken:114.856, Successfully called: GetDataFileVersion : Time Taken:11001, Call failed: GetDataFileSignatures : Time Taken:0.46433 : , Call failed: IsUpdateInProgress : Time Taken:0.540692 : , Call failed: IsFullScanInProgress : Time Taken:0.400284 : )
SYSTEM PulseSecureService.exe OpswatIMC p7432 t1D48 opsfirewallclient.cpp:147 - 'OpswatImcColData' collecting Firewall information
SYSTEM PulseSecureService.exe OpswatIMC p7432 t1D48 opsfirewallclient.cpp:223 - 'OpswatImcColData' Result of Firewall API calls (Successfully called: FindInstalledProducts : Time Taken:27681, Successfully called: GetProductName : Time Taken:0.883499, Successfully called: GetProductVendor : Time Taken:0.984905)
SYSTEM PulseSecureService.exe OpswatIMC p7432 t1D48 opsfirewallclient.cpp:227 - 'OpswatImcColData' Result of Firewall data to monitor (Successfully called: CheckRTPState : Time Taken:3.34391)
SYSTEM PulseSecureService.exe OpswatIMC p5704 t3134 opshdencryptionclient.cpp:141 - 'OpswatImcColData' Result of HDEncryption API calls (Successfully called: FindInstalledProducts : Time Taken:13364.9, Successfully called: GetProductName : Time Taken:0.408174, Successfully called: GetProductVendor : Time Taken:0.355672, Successfully called: GetEncryptedLocations : Time Taken:0.758715, Successfully called: GetEncryptionState : Time Taken:235.294Successfully called: GetEncryptionState : Time Taken:216.85Successfully called: GetEncryptionState : Time Taken:216.541)


In the above example the text that is in red shows that the combined time it is taking to collect AV, FW and HD Encryption information is 60 seconds.








 
Solution
  • Pulse Secure has reported this issue to OPSWAT and it is currently under investigation.
  • This issue is not seen with ESAP 3.1.8 using v4 SDK's.
  • This issue is improved with ESAP 3.1.7 using v4 SDK's.
  • Customers facing issues where long delays are seen with v4 SDK support in ESAP 3.1.7 or 3.1.8 should open a case with Pulse Secure support so that these can be tracked effectively.
  • As a long-term solution, and with any ESAP releases released in 2018, Pulse Secure recommends that customers currently using v3 SDK's for Endpoint Security Assessments move to using v4 SDK's since v3 SDK support ended on 12/31/2017.  Refer to TSB41055 - OPSWAT v3 software EOL Notification for details and instructions..


 
Related Links
Attachment 1 
Created ByLokesh T K

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255