FYI,
Just being released into the wild. ESAP 2.1.4 or lower does not find it.
This will be fixed in ESAP 2.1.5, which will be released tentatively on May 18th.
The date may vary a day or two.
Hope the above helps.
Please mark this post as 'accepted solution' if this answers your question; that way it might help others as well. A kudo would be a bonus, thanks.
We could use this as well; one of our contractors uses this on their laptops and they updated over the weekend. If there is a ticket open, can we add ourselves to it or do we need to open another ticket?
FYI, this one is hitting my company pretty hard. We have a tiered VPN access model and provide some VPN functionality to employees' home PCs and to the PCs of our numerous vendors.
MS released this updated version of Security Essentials as an important update and as such it automatically went out to users who have automatic updates enabled in Windows Update.
Just an FYI JTAC informed me they have an internal ticket to get MSE 4.x supported but as a workaround I had to create a process check rule in my AV policy to look for msseces.exe and this worked.
@ceb1969 wrote: Just an FYI JTAC informed me they have an internal ticket to get MSE 4.x supported but as a workaround I had to create a process check rule in my AV policy to look for msseces.exe and this worked.
Is there a KB for this? I want to add that but I do not want it to break my other users.
Thanks!
You should be able to modify your existing policy. I ended up creating a new check to look for the msseces.exe, added it to my existing ESAP based AV policy, then changed the require option to either "Any of the above rules" or if you have additional rules you may want to apply, then use Custom and do something along these lines "allow=MSE-v4 OR Preferred-AntiVirus ".......
This did the trick for me.
I do wish Juniper would have proactively sent out an alert on this when the calls started pouring in.
@-red- wrote: You should be able to modify your existing policy. I ended up creating a new check to look for the msseces.exe, added it to my existing ESAP based AV policy, then changed the require option to either "Any of the above rules" or if you have additional rules you may want to apply, then use Custom and do something along these lines "allow=MSE-v4 OR Preferred-AntiVirus ".......
This did the trick for me.
I do wish Juniper would have proactively sent out an alert on this when the calls started pouring in.
Thanks -red-
Also this is the latest from my Juniper contact on this.
We currently have a ticket open for MS Security Essential 4.0. We expect to release support for it in the IVE sometime in June or July.
Here is a KB for a workaround: http://kb.pulsesecure.net/KB22348
The KB is a general one for un-supported product. Please use the below mentioned process name instead of the one in the KB, and that should be it.
Provide the workaround to do a check for the process "msseces.exe"
Two to three months to add detection for one of the highest market share AVs? That's ridiculous.
I know Juniper rely on OPSWAT for the AV detection, but they really should start pressuring them a bit more.
It's almost pointless using AV detection on Juniper, because you're going to have to roll your own detections to do it reliably, and that means you lose out on the proper versioning that Juniper allegedly provides!
Does anyone know where the Security Essentials updates are stored so I can at least make sure it's no more than a week out of date?
I agree that 2-3 months is too long. MS put out a public beta of Security Essentials 4 back in Nov/Dec. It would be nice if Juniper/OPSWAT would proactively monitor at least the top 5-10 AV products used.
Also, this is how I'm checking for MSEv4 and any other antivirus with one policy. JTAC didn't have any suggestions for me other than the KB article.
Require Custom:
Allow=Firewall AND PatchAssessment AND (Antivirus OR MSEv4)
-Firewall checks for ANY firewall
-Antivirus checks for ANY antivirus vendor except Microsoft.
-MSEv4 checks for msseces.exe