KB43790 - Troubleshooting Host Checker ESAP related issues and integration with OPSWAT SDKs


Information

 
Last Modified Date: 6/11/2018 2:34 PM
Synopsis
This article provides details on troubleshooting Host Checker (HC) ESAP related issues and information on integration with the V3 and V4 OPSWAT SDKs.
Problem or Goal

Common problems:

1. Although we strive to provide zero-day support for AV and firewall products, a vendor may release a major version upgrade after an ESAP release, in which case the ESAP that was just released may not support that AV/firewall version. Host Checker then fails with the reason "Compliance requires real time protection enabled", or the AV/firewall product is not detected at all and the failure is reported for Windows Defender, because Windows Defender is the default AV/firewall product on Windows.

2. The "Check for the Virus Definition files" check fails, based on the number of updates or the number of days.


Host Checker uses the OPSWAT SDK to collect endpoint compliance data and passes that information to the endpoint policy server (PCS or PPS), which evaluates a role mapping rule or resource policy. Based on the policy evaluation result, the user is allowed or denied access. The OPSWAT SDK also supports performing remediation actions on the endpoint. The OPSWAT SDK is packaged into our ESAP plugin, and we release ESAP once a month, towards the end of the month.

OPSWAT provides V3 and V4 SDKs. Only one SDK version is used for compliance data collection at any time; this is controlled by an option in the admin UI to activate the older SDK version (V3) in ESAP.

Note: We no longer support the V3 SDK, and no new products or fixes will be added to it. Please refer to the articles below and upgrade to the V4 SDK:

TSB41055 - OPSWAT v3 software EOL Notification
KB40318 - Impact / Changes between V3 and V4 OPSWAT SDK

The functionality supported with ESAP is:

  • Detect anti-spyware software on the endpoint - Pre-defined host check option to detect any anti-spyware software or a specific one, such as Symantec Endpoint Protection.
  • Detect hard disk encryption software on the endpoint - Pre-defined host check option to detect hard disk encryption software such as BitLocker.
  • Detect and remediate firewall software on the endpoint - Pre-defined host check option to detect a firewall such as Windows Firewall, with a remediation option to enable the firewall.
  • Detect and remediate anti-virus software - Pre-defined host check option to detect anti-virus software such as Symantec Endpoint Protection, with remediation options such as scanning the system.
  • Pre-defined patch management policy evaluation, done based on the number of missing patches - This option is available only for Windows clients.
  • Pre-defined OS checks.

 

Cause
Solution

Workarounds for problems 1 and 2 in the Problem or Goal section:

1. Until a fix is available in the next ESAP, configure a process-based HC policy. For example, for Symantec Endpoint Protection, a process check can be configured as below:

User-added image

2. Configure the virus definition check based on the number of days as a workaround until a fix is available, and vice versa.

User-added image

Raise a support case with below logs : Refer also to https://www.pulsesecure.net/techpubs/pulse-connect-secure/esap/3.2.x for the products supported in the latest ESAP available at that time for the V4 SDK. The latest ESAP version at the time of this KB is 3.2.6.
 
Related Links
Attachment 1 
Created By: jai laisram
