Is anyone else seeing problems with Host Checker AV signature check issues?
We've got a few contractors using McAfee Internet Security 2012, Norton Internet Security and Microsoft Security Essentials and all of a sudden they are having issues passing the host check. Our host check policy for AV is simply that it is instsalled, running and the sigs are up to date within the last 5 updates. I've check the MAG and the last host check signature update was a few minutes ago and it is set to update every 30 minutes.
I've watched them boot the laptop, update the software and try to connect and the MAG just reports that the sigs are not up
would be worth looking at the dat flle version on the xml file on the SA and the dat file version of the AV's on the client itself and check..
We are facing the same issue for the past few weeks.
It worked for YEARS but now it started to make problems and we didnt make any changes to the configuration or Virus-Software.
I tried multiple things to solve it but always got that error again every now and then. Only way to solve it permanentely was to disable the checkbox for "Virus Definition Files should not be older than XX days". Now I'm only checking that the AntiVirus Software is installed, but not for the age of the Definition Files anymore.
I dont really know why this setting was changed anyway. Some releases ago, I think IVE OS6.x, we had the option to define the number of days the definition files can be old. Now that changed, its not the number of days, but the number Updates now and those cannot be older than 10. Why that JTAC?
As the thread starter said, I also couldnt fix it by updating the clients definition files manually - so they were definitely up2date. It appears as if Juniper (and so the SA) gets the Update-Lists earlier than the Clients actually do and then the hostcheck fails cause the Juniper already knows Signature-Updates that are not yet released for the clients. I think this is something that Juniper has to solve with the virus vendors.
I cant even open a Case at JTAC, cause when someone calls me back, the issue is gone. Its always just for a couple of hours, then its working.