My current workaround is also to disable Advance Endpoint Defense; after much troubleshooting the JTAC engineer told me this is a known bug with v6.2R3 and that it has been escalated for a fix in an upcoming version - no word on when that might be, though.
I've never had so much trouble with any other appliance as with IVE upgrades on the SA.
What I have done to mitigate the risks associated with out of date AV definitions and Windows updates etc. is to only allow computers joined to our corporate domain to use WSAM or Network Connect. Personal or "outside" computers which may be vulnerable only get the regular SSL webpage with IVE web bookmarks (Outlook Web Access etc.)
This is a simple HC registry key search. Something to think about anyway.
In my case the Host Checker did start to evaluate AV sig deffs somewhat (i'll get it in a little bit) correctly after the SA was upgraded to 6.2R3 and everything configured from scratch. However after further testing I discovered that simply evaluating some other HC policy that checks for non present AV product (not the product you're enforcing) makes the enforced HC policies fail even when they should pass.
The host is running AVG with latest defs.
Policy1 -> check for AVG with latest defs.
Policy2 -> check for Sysmantec with lates defs.
Enforce Policy1. Everything works as it should.
Evaluate Policy2, Enforce Policy1. Bamm! HC fails.
What's up with that?
i still have that problem, while trying to upgrade from 6.0 to 6.4. some clients work fine, others hang at hostchecker installation and i really dont have any idea where the difference could be.
any idea here?