Reset Search
 

 

Article

KB28146 - Endpoint Security Assessment Plug-in (ESAP) Diagnostic Tool for PCS 7.2 / PPS 4.2 and above on Windows Platform

« Go Back

Information

 
Last Modified Date2/3/2016 9:07 PM
Synopsis
This article explains the End Point Security Assessment Plug-in (ESAP) Diagnostic Tool and how to use it.

 

Problem or Goal
  • What is the ESAP Diagnostic Tool?
  • What are the client/server requirements to run the ESAP Diagnostic Tool?
  • Where can I get the ESAP Diagnostic Tool?
  • How do I use the ESAP Diagnostic Tool?
  • What does the ESAP Diagnostic Tool collect?
  • What are the known issues/limitations?                       
Cause
Solution

What is the ESAP Diagnostic Tool?


The ESAP diagnostic tool is a log collection tool for Endpoint Security issues related to pre-defined Anti-Virus, Firewall and Anti-Spyware policies defined by Host Checker. This tool is designed to simplify the process of collecting logs for ESAP related issues on client endpoints.  Each ESAP version has different OPSWAT SDK's built into it so the tool is also version specific for every ESAP release.

What are the client/server requirements to run the ESAP Diagnostic Tool?

The ESAP diagnostic tool is available for Mac and Windows endpoints and can be used to collect logs for agentless (browser-based) HC deployments as well as Pulse and OAC HC deployments.  
The tool is built for V3 and V4 OPSWAT SDK's starting with software versions PCS 7.2 / PPS 4.2 and above.  
ESAP 3.0.1 and up are supported in PCS 8.2 / PPS 5.2 and up and V3 and V4 OPSWAT SDK's are both available in ESAP 3.0.4 and up.
Refer to KBxxxxx for a complete support matrix of PCS/PPS OS compatiblity with ESAP versions as there are some dependencies to be aware of.
 

 

Where can I get the ESAP Diagnostic Tool? 

The tool is available for download at: my.pulsesecure.net

Navigation :

  1. Login to my.pulsesecure.net
  2. Select Licensing and Download Center
User-added image
  1. From the top menu, click Downloads
User-added image
  1. Under Browse My Software and Documentation, click Pulse Secure > Pulse Connect Secure or Pulse Policy Secure
User-added image
  1. Click Endpoint Security Assessment Plug-in
User-added image
  1. Click to select the corresponding ESAP release
  2. Click I Agree to accept the EULA Agreement
  3. Click I Agree to accept the Export Compliance Agreement
  4. Click to download the desired diag tool for Mac or Windows 
User-added image

Note: Starting with ESAP 3.0.4 there is a separate Diagnostic Tool for V3 and V4 OPSWAT SDK's.  Please refer to KBxxxxx for more details on when to use v3 and v4.
Include in KB Article above.  Note: Refer to KB40318 - Impact / Changes between V3 and V4 OPSWAT SDK for details.

 

Using the ESAP Diagnostic Tool for versions 2.9.1 and lower for Windows OS.  (make link to separate article)

Using the ESAP Diagnostic Tool for versions 2.9.1 and lower for Mac OSX.  (make link to separate article.)

Using the ESAP Diagnostic Tool for v3 and v4 SDK's with ESAP version 3.0.4 and up.

  1. Copy the tool to the end-user system where you want to collect the logs for debugging ESAP related issues.
  2. ​If you are running this tool to diagnose a problem with Agentless Host Checker, (browser-based Host Checker) run as the current user. by simply double-clicking the tool.
  3. If you are running this tool to diagnose a problem with OAC or Pulse, run the executable as administrator by right-clicking on the tool and selecting "Run As Administrator".  (This may require administrator password on the client endpoint.)
  4. If you see the following prompt, click OK to confirm that you want to run OPSWAT’s OESISDiagnose tool.

  1. Collect log file.

  • XP:

%AllUsersProfile%\Application Data\Juniper Networks\Logging\OpswatDiagnose<timestamp>.zip

  • Vista, Windows 7, Windows 8:

%Public%\Juniper Networks\Logging\OpswatDiagnose<timestamp>.zip

Please note that Starting ESAP 2.8.6 the diagnostic tool for Windows places the collected log file on the Desktop and renames the file to .zi
This was done to facilitate easy retrieving of the file from the desktop location and easy transfer using email.


What does the ESAP Diagnostic Tool collect?

  1. Client-side debuglog.log.

  2. OESISDiagnose.log generated by OESISDiagnose.exe shipped with the latest SDK or the one packaged in this tool when run against OPSWAT binaries in:

    1. HC install directory: This gets the OESISDiagnose.log when OESISDiagnose.exe is run against the OPSWAT dll’s that are packaged in the current running ESAP in the IVE (that is, the latest OPSWAT dll’s that were installed after the last Host Check). The tools collect logs for:
      1. Agentless Host Checker
      2. UAC Agentless Host Checker
      3. OAC TNC Client
      4. Pulse TNC Client Plugin
  3. Packaged OPSWAT SDK in the tool: The one packaged in the tool at the time it was built.


What are the Known issues and limitations?

  • Host Checker’s installed version information (versionInfo.ini).
  • ​Information on currently installed ESAP where possible (UnifiedSDK.ini).
    • OESISDiagnose.exe issues a confirmation prompt (as shown below) whenever it is run: 
  • While running the tool generated for ESAP 2.4.2 and above on a system which has DLLs from an ESAP older than 2.4.2 in Agentless Host Checker (HC), Odyssey Access Client HC or Pulse HC directory, the following error occurs (OESISDiagnose.exe - Entry Point Not Found) and the logs are not generated. OESISDiagnose.exe from the corresponding older version is needed to generate the relevant log file.

 


For instructions on running ESAP Diagnostic Tool for Mac OS and collecting the logs on Windows Platform, refer to KB29633 - [Host Checker] Endpoint Security Assessment Plug-in (ESAP) Diagnostic Tool for PCS 7.2 / PPS 4.2 and above on Mac OS Platform
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255