Common problems:
1. Though we strive to provide zero-day support for AVs and firewalls, a vendor may release a major version upgrade after an ESAP release, and the ESAP that was just released may not support that AV/firewall. In that case the HC fails with the reason "Compliance requires real time protection enabled", or the AV/firewall product is not detected at all and the failure is shown for Windows Defender on Windows, because Windows Defender is the default AV/firewall product.
2. The check "Check for the Virus Definition files" fails based on the number of updates or days.
Host Checker uses the OPSWAT SDK to collect endpoint compliance data, and the same information is passed to the endpoint policy server (PCS or PPS) to evaluate a role mapping rule or resource policy. Based on the policy evaluation result, the user is allowed or denied access. The OPSWAT SDK also supports performing remediation actions on the endpoint. The OPSWAT SDK is packaged into our ESAP plugin, and we release ESAP once a month, towards the end of the month.
We have V3 and V4 SDKs from OPSWAT. At any point only one version of the SDK is used for compliance data collection; this is controlled by an option in the admin UI to activate the older version of the SDK (V3) in ESAP.
Note: We no longer support the V3 SDK, and no new products or fixes will be added. Please refer to the articles below and upgrade to the V4 SDK:
TSB41055 - OPSWAT v3 software EOL Notification
KB40318 - Impact / Changes between V3 and V4 OPSWAT SDK
The functionality supported with ESAP is:
- Detect anti-spyware software on the endpoint - Pre-defined host check option to detect any anti-spyware software or a specific one such as Symantec Endpoint Protection.
- Detect hard disk encryption software on the endpoint - Pre-defined host check option to detect hard disk encryption software such as BitLocker.
- Detect and remediate firewall software on the endpoint - Pre-defined host check option to detect a firewall such as Windows Firewall, with a remediation option to enable the firewall.
- Detect and remediate anti-virus software - Pre-defined host check option to detect anti-virus software such as Symantec Endpoint Protection, with remediation options such as scanning the system.
- Pre-defined patch management policy evaluation is done based on the number of missing patches - This option is available only for Windows clients.
- Pre-defined OS checks.