I have 7.3R1 installed in my lab and I was able to get Host Checker working. I should add that according to the release notes Juniper only supports one third pardty AV product when running Windows 8, which is Defender. Also, the release notes state that you must be running ESAP 2.2.4 (which I am).

The release notes also state that real time file scanning is not detectable in Win8 until RTFS has been disabled and re-enabled in Defender. I can confirm that this is true. When I first logged in with Win8 / Defender, I was failing the AV policy. This didn't change until I manually disabled the RTFS feature in Defender and re-enabled it.

In my case, the AV policy is enforced at the role level. So I was able to perform the disable / re-enable while still logged into the VPN. I let the session sit idle long enough for the security policies to be re-evaluated at which point the roles that were restricted by the AV policy became available. I also confirmed in the Active Users monitor that the PC was fully-compliant.

7.3R1 Release Notes info on HC and pre-defined AV policies:

"Hostchecker support of Predefined policies on Windows 8 endpoints is limited to Windows Defender only with ESAP 2.2.4. Windows Defender needs to be manually Turned off/on once on Windows 8 machines to enable the 'Check RTP status' Hostchecker policy (792564, 802832, 802855, 813340, 815559)"

Oddly enough, I only had to disable and re-enable Defender once. Even after a reboot, Defender was properly detected.

you are correct, only once is expected to be the requirement

The "What's New" pdf has been posted for 7.3R1

I've also been able to get host checker working between Windows 8 and IVE 7.2R3, but only with FireFox.

Here is the process that I followed.

1. Install Firefox ( I tested 16.0.1. ).
2. Install Java ( I tested version 7, update 9 ).
3. Log into the VPN - HC will not be able to detect Windows Defender initially.
4. Open Windows Defender using the search built into Windows 8.
5. Disable the real time file scanning in Defender and then re-enable.
6. Log out of the VPN and then log back in.

Obviously this isn't an officially supported scenario, but I think the information is useful.

Thank you for sharing; iI think that is required even with IVE OS 7.3 (to open and toggle the setting) for it to pass.

This works fine for me when using portal site but when I use Jonos Pulse I get the same problem. Anyone here that got a workaround for that as well?

I'm using 7.3R1 and tried both ESAP 2.2.4 and 2.2.6 but without luck

/Johan

if it is not working with pulse on 7.3, please go ahead & open a case with jtac

Hostchecker for Windows 8 is supported from 7.3R1 except Patch Assessment and Enhanced Endpoint Security.

http://www.juniper.net/techpubs/software/ive/releasenotes/j-sa-sslvpn-7.3R1-releasenotes.pdf

Hi Guys,

I can share one of my experience as well, we are using 7.2R5, we start to test the result when we are running with win8 (of course, we are with HC as well)

One PC in LAN and one notebook over internet with the same Win8 build 9200, I found that the PC is ok with HC +Firefox but never get through with my notebook..

This result is not comfort with me, I traced the user login log and it is believed that something related with HC, also from somewhere, I learned that the module will be downloading via ActiveX then Java.

I spent some times on the notebook and I found the trick .....

I found that I can run on IE10 with HC with the following sequence

1) Install Firefox 17.0

2) Install Java Via Firefox, with the "default" installation, Java7 update10 I received

3) Then I am using IE10 login our SSLVPN box, of course, HC pops up and said this is not support on this browser.

4) I press "Try again" once more,

5) It is surprised that it allow me to download those components and require me login one more time

6) Finally I can login via IE10

you can put the site in trusted site to allow ActiveX modules run from this site without prompt.