I'm testing client access to our SA2500, when running as a non admin I keep getting stopped with a failure message including "Advanced Endpoint Defense: Malware Protection" in it.
On reading up on it it seems users need to have admin rights for the AED:Behavior Blocker feature to work. Now I can see where to disable the AED:Malware Protection feature and if I do this a normal user can log in fine but I don't see where to leave the Malware Checker enabled but disable the Behavior Blocker feature?
I'm running 6.5 and have the Juniper Service Installer installed on the PC. I even saw an option on an old Juniper KB article that has a specific option for the Behaviour Blocker but cant see it on our device.
Anyone know if its possible to disable just the behavior blocker feature?
The endpoint security solution for malware has undergone major changes in 6.5. The new equivalent feature in 6.5 does not have a 'Behavior Blocker' component and that is why you don't see it in the admin GUI.
The new feature needs admin privileges for all functionality and one of the solutions for restricted users is to use Juniper Installer service (JIS)
Hi and thanks for the reply
I have the JIS installed but if I enable the malware check feature non-admin users can not log in.
As soon as I turne off the malware check the non-admin can log in fine. Also if I'm logging in as an admin and I have the malware checker enabled I can log in fine.
Anyone experience this?
Just to clarify, before any of the tests above I'm uninstalling any of the Juniper clients etc except for the installer service then rebooting and then logging onto the SA and effectivly going through the host check for the1st time
Was the JIS installed on the machine as a local PC admin? If not, it will not be able to run and allow the services to run that are needed.
Which version of 6.5 are you using? Do you have a lab unit you can test against with the latest 6.5 or 7.0?
Hi, and thanks for the reply:
JIS was installed as a domain admin, then testing was done as a local non admin account.
Using the latest ver of 6.5 (package_b15991.bin), don't have a test unit unfortunatly. I asked Juniper was 7 ok for our 2500. They said while we could use it, 6.5 was more suitable. Are there improvements in 7.0 that might fix or negate my current problem?
I am not sure why you were informed that 6.5 would be more suitable; either will work without any issue. I am not sure if there would be a fix for what you are seeing in 7.0
While the JIS was installed as domain admin, was that user a local PC administrator? The admin domain rights do not necessarily mean local PC admin.