Microsoft Security Essentials 4 fails hostcheck

SOLVED
Contributor

Microsoft Security Essentials 4 fails hostcheck

FYI,

Just being released into the wild. ESAP 2.1.4 or lower does not find it.

1 ACCEPTED SOLUTION

Frequent Contributor

Re: Microsoft Security Essentials 4 fails hostcheck

This will be fixed in ESAP 2.1.5, which will be released tentatively on May 18th.

The date may vary a day or two.

Hope the above helps.

Please mark this post as 'accepted solution' if this answers your question; that way it might help others as well. A kudo would be a bonus, thanks.


13 REPLIES
Respected Contributor

Re: Microsoft Security Essentials 4 fails hostcheck

Yup; just released so the vendor we work with for host checking does not check it.
Please work with JTAC on a case for this request.
Frequent Contributor

Re: Microsoft Security Essentials 4 fails hostcheck

We could use this as well; one of our contractors uses this on their laptops and they updated over the weekend. If there is a ticket open, can we add ourselves to it or do we need to open another ticket?

Frequent Contributor

Re: Microsoft Security Essentials 4 fails hostcheck

FYI, this one is hitting my company pretty hard. We have a tiered VPN access model and provide some VPN functionality to employees' home PCs and to the PCs of our numerous vendors.

MS released this updated version of Security Essentials as an important update and as such it automatically went out to users who have automatic updates enabled in Windows Update.

Not applicable

Re: Microsoft Security Essentials 4 fails hostcheck

Just an FYI: JTAC informed me they have an internal ticket to get MSE 4.x supported, but as a workaround I had to create a process check rule in my AV policy to look for msseces.exe, and this worked.

Contributor

Re: Microsoft Security Essentials 4 fails hostcheck


@ceb1969 wrote:

Just an FYI: JTAC informed me they have an internal ticket to get MSE 4.x supported, but as a workaround I had to create a process check rule in my AV policy to look for msseces.exe, and this worked.


Is there a KB for this? I want to add that but I do not want it to break my other users.

Thanks!

Frequent Contributor

Re: Microsoft Security Essentials 4 fails hostcheck

You should be able to modify your existing policy. I ended up creating a new check to look for msseces.exe, added it to my existing ESAP-based AV policy, then changed the require option to either "Any of the above rules" or, if you have additional rules you may want to apply, use Custom and do something along these lines: "allow=MSE-v4 OR Preferred-AntiVirus "...

This did the trick for me.

I do wish Juniper would have proactively sent out an alert on this when the calls started pouring in.

Contributor

Re: Microsoft Security Essentials 4 fails hostcheck


@-red- wrote:

You should be able to modify your existing policy. I ended up creating a new check to look for msseces.exe, added it to my existing ESAP-based AV policy, then changed the require option to either "Any of the above rules" or, if you have additional rules you may want to apply, use Custom and do something along these lines: "allow=MSE-v4 OR Preferred-AntiVirus "...

This did the trick for me.

I do wish Juniper would have proactively sent out an alert on this when the calls started pouring in.


Thanks, -red-

Also this is the latest from my Juniper contact on this.

We currently have a ticket open for MS Security Essential 4.0. We expect to release support for it in the IVE sometime in June or July.

Here is a KB for a workaround: http://kb.pulsesecure.net/KB22348

The KB is a general one for un-supported product. Please use the below mentioned process name instead of the one in the KB, and that should be it.

Provide the workaround to do a check for the process "msseces.exe"

Contributor

Re: Microsoft Security Essentials 4 fails hostcheck

Two to three months to add detection for one of the highest market share AVs? That's ridiculous.

I know Juniper rely on OPSWAT for the AV detection, but they really should start pressuring them a bit more.

  • Sophos 10 (#3 corporate AV vendor worldwide if you trust their numbers) took over 3 months to get included
  • Avast Free (global number 1 AV product according to OPSWAT, #2 in North America) isn't detected properly on Windows 7
  • Microsoft (#1 North America, #4 worldwide) now two to three months away from detection.

It's almost pointless using AV detection on Juniper, because you're going to have to roll your own detections to do it reliably, and that means you lose out on the proper versioning that Juniper allegedly provides!

Does anyone know where the Security Essentials updates are stored so I can at least make sure it's no more than a week out of date?

Contributor

Re: Microsoft Security Essentials 4 fails hostcheck

I agree that 2-3 months is too long. MS put out a public beta of Security Essentials 4 back in Nov/Dec. It would be nice if Juniper/OPSWAT would proactively monitor at least the top 5-10 AV products used.

Also, this is how I'm checking for MSEv4 and any other antivirus with one policy. JTAC didn't have any suggestions for me other than the KB article.

Require Custom:

Allow=Firewall AND PatchAssessment AND (Antivirus OR MSEv4)

-Firewall checks for ANY firewall

-Antivirus checks for ANY antivirus vendor except Microsoft.

-MSEv4 checks for msseces.exe
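
The custom requirement from the last post, evaluated against four constructed endpoint states to show which machines it admits. This is an added example, not from the thread or from Juniper: the evaluator is a simplified model of the expression syntax that assumes AND binds tighter than OR and treats a missing rule result as a failure, and the endpoint names are hypothetical.

```python
import re

# Custom requirement quoted in the post above.
POLICY = "Allow=Firewall AND PatchAssessment AND (Antivirus OR MSEv4)"

# Constructed rule outcomes for four hypothetical endpoints.
ENDPOINTS = {
    "mse4_laptop": {"Firewall": True, "PatchAssessment": True, "Antivirus": False, "MSEv4": True},
    "other_av": {"Firewall": True, "PatchAssessment": True, "Antivirus": True, "MSEv4": False},
    "no_av": {"Firewall": True, "PatchAssessment": True, "Antivirus": False, "MSEv4": False},
    "mse4_no_fw": {"Firewall": False, "PatchAssessment": True, "Antivirus": False, "MSEv4": True},
}

def evaluate(policy, results):
    """Evaluate 'Allow=<expr>'; a rule with no reported result counts as failed."""
    tokens = re.findall(r"[()]|[\w-]+", policy.split("=", 1)[1])
    pos = 0

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of expression")
        pos += 1
        return tokens[pos - 1]

    def atom():
        tok = take()
        if tok == "(":
            value = either()
            if take() != ")":
                raise ValueError("missing ')'")
            return value
        return bool(results.get(tok, False))

    def chain(operand, keyword, combine):
        value = operand()
        while pos < len(tokens) and tokens[pos] == keyword:
            take()
            value = combine(value, operand())
        return value

    def both():    # AND binds tighter than OR (assumption of this model)
        return chain(atom, "AND", lambda a, b: a and b)

    def either():
        return chain(both, "OR", lambda a, b: a or b)

    value = either()
    if pos != len(tokens):
        raise ValueError("unexpected token: " + tokens[pos])
    return value

def decisions():
    return {name: evaluate(POLICY, r) for name, r in ENDPOINTS.items()}
```

The `MSEv4` term is satisfied by the process check for msseces.exe alone, so the MSE 4 laptop is admitted without the version information the vendor-based antivirus rule would supply, which is the trade-off raised earlier in the thread.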