Re: ESAP/Host Checker issue

aweise_ · ‎03-09-2010

We're running into a strange issue where I'm not sure if the ESAP or Host Checker has a bug.

We have an SA4500 running 6.5R1, using ESAP version 1.5.8. I've configured the HC policy to use an antivirus policy, checking for a scan run within the past 5 days and have definitions not older than 10 previous updates.The policy looks for *any* supported AV product.

When I connect in from a company-issued laptop using the latest Symantec Endpoint Protection, it works fine. Using my home PC with McAfee, I get the following:

'McAfee VirusScan 13.15.116 does not comply with policy. Compliance requires successful complete system scan.'

I'm running the scan right now, but my PC scans every day. Does it need to find no "problems" to be considered a successful complete scan?

cbarcellos_ · ‎03-09-2010

I replied to your other duplicate post on the other thread with this:

"What does the debuglog.log show on the client side? What does the access log on the IVE show for the rejection reason? This would help troubleshoot the issue.

Once you're sure that the full system scan has been completed you should test HC and then look at those logs. If the AV shows that the system scan was completed, and HC still fails, you should open a JTAC case."

To answer your new question: A successful last system scan would mean that the AV finished the entire scan. If the AV found threats, but still finished the scan, the user would still pass the HC restriction since the scan was completed. If the scan started, but the user canceled out of the scan, they would fail.

sk_ · ‎03-27-2010

We've had the same issue since ESAP 1.5.5.... it appears to just affect vista clients(mcafee v14 anyway)

Hopefully they address this soon