I'm investigating the newest ESAP file and saw this in the release notes under "Known Issues/Limitations NOT Fixed in ESAP 1.4.1:"
3. MS FW - XP SP2+ not getting detected (385891)
Am I to understand that they're saying the default firewall in Windows XP SP2 is not properly detected? Seriously? How could they release this?
My experience so far has been less than stellar with this product. Between there STILL not being support for FF3, poor McAfee HIPS detection, and being unable to detect the default firewall for XP (and Vista at one point), I'm very disappointed. I honestly do not feel I can use the host checker in a production environment. What am I missing? Are others using it successfully?
I feel the same for host checker. Vista SP1 + Symantec SEP 11 virus definition file not being detected correctly.
QA guys doing a bad job.
The current firmware version shows Firefox 3 as working but not fully tested ("compatible"). I'm using FF3 on XP with 6.2R2.1 and so far everything is OK (network connect, host checker, cache cleaner).
There have been issues for a while with the XP firewall not always getting detected. I hit it on just one computer. I had a case open for quite a while and all JTAC could tell me from the debug logs was that it was not enabled. Even though it showed as enabled, even though the registry keys were correct and even though a port scan showed it was working. When I asked what PRECISELY the host checker was looking for, they wouldn't tell me. Said it was "proprietary." That attitude isn't going to get many problems fixed. If they had told me what they were looking for, I could have investigated each one and told them which check failed, something their debug logs could not do. We reformatted and reinstalled and it was detected OK.
The one that concerns me is that 1.4.1 apparently always thinks the SEP11 firewall is on even when it's not.
Same nightmare here... "proprietary". Pre-Configured Host Checks are a black box. I've called JTAC on multiple occasions when my users' PCs were running all of the required software we check for but still some are denied. Inevitably, I have to collect logs from both the IVE and the client PC (sending an .exe file to less-than-savvy users with instructions to copy into a directory, run and send back the log file generated along with the host checker log file can be very challenging) and submit only to hear that they'll have to file a 'bug'. When I ask what for, I always hear the 'proprietary' line.
If there were a way for me to see what, specifically, a failing host check was looking for, even if I had to file a ticket per event with JTAC first, I would be able to not only troubleshoot many problems myself but also create custom host checks to mitigate certain issues until a functional ESAP release solved my problem(s).
This has been a major problem with my company integrating the Host Checker solution enterprise wide and it really is a pity because we have spent considerable time and effort building custom remediation roles for our user base (a self-help KB of sorts) that we can't even use right now because too many users with the right stuff are failing.
We've been plagued primarily with AV checks but have also seen issues with OS and firewall checks as well. I brought this issue up with my Juniper reps when they were last in town, along with our region's SSL VPN product specialist -- telling them exactly what my problems were with having these blind checks along with what I would like to see improved and the specialist told me very directly that it really didn't matter how much I complained about it, I was never going to be allowed to see what these custom checks looked for. The most I could ever get through an enhancement request would be more detailed user/event logging. My desire to better serve my company and users is trumped by Juniper not knowing whether or not I would somehow misbehave with this proprietary 'intellectual property'.
Thanks for letting me vent. :-)
It's this kind of nonsense that pushes people to recommend other vendors. It's not like the XP firewall checks are undocumented by Microsoft or anything, and obviously whatever Juniper is checking for is not correct.
We did the "have the end user run the .exe" as well. I looked in the results file and it said the XP firewall was turned off. Not true.
I ran into this at another job using another vendor's product. They happily explained to me what they were checking for and it enabled us to figure out what was going on and for them to put in an additional check for the future. The problem turned out to be a third-party product that added an extraneous semi-colon at the end of a registry key they were checking.
And another thing. :-)
We can't use Vista because we bought into the Juniper "advanced malware detection" and it's now part of our documentation for the auditors. That piece, known as "WholeSecurity", is a Symantec product and Juniper says that Symantec has not updated it for Vista. So we can't use Vista or we have to back off on every reason we gave about why we needed WholeSecurity.
But... http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/e84466a4bce3c... says that v5.1 to be released in November 2007 will support Vista and its release notes at http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/c77dad6971a22... say it was released on time and does support Vista.
Thanks for letting ME vent! :-)
During that same meeting with my Juniper sales/engineering reps, we reviewed each of the licenses I don't currently have installed and when we talked about the Advanced Malware Protection feature, I was told that the vendor they use dropped support for it and so had Juniper. Coordinating Juniper's IDP solution with the SA appliances was now the preferred solution for malware protection. Anywho, it was that information that led us away from purchasing those licenses.
ESAP 1.4.2 was just released and is supposed to fix the XP SP2+ firewall problem.