Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HostChecker scan fails with ESAP version: 4.0.3 for Sophos Endpoint 2.20.11

vipinsri
Occasional Visitor
‎08-09-2022 07:02:AM
‎08-09-2022 07:02:AM

HostChecker scan fails with ESAP version: 4.0.3 for Sophos Endpoint 2.20.11

We are having issues connecting to our client using PulseSecure from our PCs that have Sophos AV installed. We had been connecting fine but within the past month this started to fail stating "Sophos End point agent 2.20.11 does not comply with policy. Compliance Required succcessful complete system scan". While system is recently scanned and we put 60 days in Policy 'Successful System Scan must have been performed in the last'.

When we temporarly uncheck this policy then we are able to connect with VPN but after enabling same issue. It means ESAP is not detecting the Last System Scan date of Sophos Antivirus. 

Do we have any solution for this? Please suggest.

0 Kudos
8 REPLIES 8
zanyterp
Moderator
Moderator
‎08-09-2022 09:06:AM
‎08-09-2022 09:06:AM

Re: HostChecker scan fails with ESAP version: 4.0.3 for Sophos Endpoint 2.20.11

please test with 4.0.4 and if it continues to fail, please open a case with our support team
0 Kudos
mafleming@smcm.edu
New Contributor
‎08-12-2022 06:17:AM
‎08-12-2022 06:17:AM

Re: HostChecker scan fails with ESAP version: 4.0.3 for Sophos Endpoint 2.20.11

My organization has been seeing the same issue with ESAP 4.0.4 and Sophos 2022.2.1.9. Case was escalated to developers, but haven't heard anything since. 

0 Kudos
NetworkBod
Contributor
‎08-12-2022 08:35:AM
‎08-12-2022 08:35:AM

Re: HostChecker scan fails with ESAP version: 4.0.3 for Sophos Endpoint 2.20.11

Out of interest what Pulse/Ivanti Client version are you using on your devices? I ask as i have a problem with a different AV failing host checker on older clients for example 9.1.13 but on the new 22.2 Client host checker passes fine. Im holding off using the newer ESAP versions until we have pushed out the latest client to all users.

mafleming@smcm.edu
New Contributor
‎08-14-2022 07:48:AM
‎08-14-2022 07:48:AM

Re: HostChecker scan fails with ESAP version: 4.0.3 for Sophos Endpoint 2.20.11

We have tried Pulse Secure client versions 5.3.x up until 9.1.16 and the newest Ivanti Client. None of them seem to be able to verify that Sophos Endpoint 2022.2.1.9 is a valid anti virus agent. But as soon as we remove Sophos, users can connect to the VPN again.

 

We initially updated our appliance from 9.1R11 to 9.1R16 and our ESAP to 4.0.4 because we though the newer version of Sophos just wasn't in the older versions we were running. An issue we have seen in the past. Ivanti has confirmed to us that the issue runs deeper and their developers are working on the issue now.  

 

Pulse Secure Article: KB45380 - Sophos Core Agent 2022.2.1.9 failing compliance with ESAP 4.0.4

zanyterp
Moderator
Moderator
‎08-15-2022 12:23:AM
‎08-15-2022 12:23:AM

Re: HostChecker scan fails with ESAP version: 4.0.3 for Sophos Endpoint 2.20.11

thank you for the update
0 Kudos
mafleming@smcm.edu
New Contributor
‎08-15-2022 05:52:AM
‎08-15-2022 05:52:AM

Re: HostChecker scan fails with ESAP version: 4.0.3 for Sophos Endpoint 2.20.11

Just another update to my personal journey in (Product-to-Product interoperability). 

 

Ivanti's developers have identified a fix and had it validated by OPSWAT. So they know what was wrong and have found a fix. Their development SDK will be updated by tomorrow, August 16. A new ESAP module will be out by Friday, August 19th. So, the end is nigh. 

mafleming@smcm.edu
New Contributor
‎09-12-2022 09:28:AM
‎09-12-2022 09:28:AM

Re: HostChecker scan fails with ESAP version: 4.0.3 for Sophos Endpoint 2.20.11

Bad news. It has been over a month and we are still having the issue with Ivanti Secure Connect not recognizing Sophos 2022.2.1.9. We have been escalated, sent multiple logs, and even installed on proposed fix (ESAP version 4.0.5). We are waiting for OPSWAT to put out a new ESAP module now, but our Helpdesk has had to resort to removing the approved and centrally managed virus scanning solution (Sophos) and installing Avast until we can get a ESAP module that correctly identifies the version of Sophos we use. 

 

If we had more users using VPN this would have been worse. But as you can all imagine, the users that do access the VPN perform very important functions for our organization. Hopefully the end is near. 

 

Mark Fleming

0 Kudos
zanyterp
Moderator
Moderator
‎09-12-2022 10:42:AM
‎09-12-2022 10:42:AM

Re: HostChecker scan fails with ESAP version: 4.0.3 for Sophos Endpoint 2.20.11

thank you for the update; i am sorry to hear that this is on-going as we work to identify ways around the failure point
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.