Recently our clients have started facing issues with Host Checker. A BigFix patch was deployed on their machines to upgrade the SEP client from 12.1.3x to 12.1.5x, but after the upgrade a lot of users are failing Host Checker with the error message 'symantec endpoint protection[Firewall] 12.1.5337.5000 does not comply with policy'. PFA the error log screenshot.
The SEP is updated and compliant and has the latest virus defs.
The host checker computes 2 policies:
1. Bank build (which checks OS and other machine-related info) - passing
2. ESAP policy - where it is failing. We have tried both the 2.7.4 and 2.7.6 ESAP policies, and both have the 12.1.x SEP version defined in them. Also, not all the users with these clients are failing; only a few are.
What I'm suspecting is that the SEP agent is not correctly installed or has corrupt registries which host checker is not able to read.
I've compared the SEP registry (HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\) for working and non-working machines, and they are both the same.
So, could any one of you please help me understand what info host checker checks before it concludes that a machine is compliant or non-compliant?
I'm attaching the debuglog file of one of the users, in case that helps, though I couldn't find anything related to SEP in it.
Just to add, I've already confirmed with the SEP compliance team, and they've confirmed that the SEP client and firewall on these machines are enabled and registered. Also, a clean uninstallation and reinstallation of SEP has already been done, so I'm not sure why Host Checker is reading it as non-compliant.
Is this happening for all end users? This doesn't seem to be an HC issue, as I do not see that the setup client is able to be downloaded to the client machine.
Can you check to see if SEP is blocking the setup client?
00148,09 2014/04/27 19:55:58.872 1 zhubin JuniperExt.exe JuniperSetupExt p1356 t7B8 dsHttpImpl.cpp:122 - 'DSHttpImpl::sendRequest()' httpSendRequest failed
00145,09 2014/04/27 19:55:58.872 1 zhubin JuniperExt.exe JuniperSetupExt p1356 t7B8 dsHttpImpl.cpp:341 - 'DSHttpImpl::downloadFile()' sendRequest failed
00197,09 2014/04/27 19:55:58.872 1 zhubin JuniperExt.exe JuniperSetupExt p1356 t7B8 DSSetupClientInvokeWebParameters.cpp:235 - 'DSDownloadSetupClient()' http->downloadFile(de-esb1.dbrasweb.db.com) error 1
00170,09 2014/04/27 19:55:58.873 1 zhubin JuniperExt.exe JuniperSetupExt p1356 t7B8 JuniperSetupExt.cpp:237 - 'DSSetupClientHelperExt::download()' DSDownloadSetupClient() failed
00156,09 2014/04/27 19:55:58.873 1 zhubin JuniperExt.exe JuniperSetupExt p1356 t7B8 JuniperSetupExt.cpp:287 - 'WinMain()' checkInstallation() failed, exit with -1.
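As an added example (not part of the original thread, and not Juniper tooling): a sketch that splits a run-together debuglog paste like the one quoted above into records and lists the setup-client failure chain per process and thread, together with the host the download was attempted against. The field layout is inferred from the quoted lines, which is an assumption rather than a vendor specification, and the user and host in the sample are constructed placeholders.

```python
import re
from collections import defaultdict

# Field layout inferred from the log lines quoted in this thread (an assumption):
# <hdr> <date> <time> <level> <user> <exe> <module> p<pid> t<tid> <file>:<line> - '<func>' <msg>
RECORD = re.compile(
    r"(?P<hdr>\d{5},\d{2}) (?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<level>\d+) (?P<user>\S+) (?P<exe>\S+) (?P<module>\S+) "
    r"p(?P<pid>\d+) t(?P<tid>[0-9A-Fa-f]+) (?P<src>\S+):(?P<line>\d+) - "
    r"'(?P<func>[^']*)' (?P<msg>.*)"
)
# Every record starts with "NNNNN,NN <date>", so a pasted blob can be split on that.
SPLIT = re.compile(r"(?=\b\d{5},\d{2} \d{4}/\d{2}/\d{2} )")

def parse(blob):
    """Split a debuglog paste into records and return each record's fields."""
    records = []
    for chunk in SPLIT.split(blob):
        m = RECORD.match(chunk.strip())
        if m:
            records.append(m.groupdict())
    return records

def setup_client_failures(records):
    """Collect failing steps per (pid, tid) and the host named in downloadFile()."""
    chains = defaultdict(lambda: {"host": None, "steps": []})
    for r in records:
        if r["module"] != "JuniperSetupExt":
            continue
        if "failed" in r["msg"] or "error" in r["msg"]:
            chain = chains[(r["pid"], r["tid"])]
            chain["steps"].append(r["func"])
            host = re.search(r"downloadFile\(([^)]+)\)", r["msg"])
            if host:
                chain["host"] = host.group(1)
    return dict(chains)

# Constructed sample in the shape of the quoted log; user and host are placeholders.
P = "user1 JuniperExt.exe JuniperSetupExt p1356 t7B8"
SAMPLE = (
    f"00239,09 2014/04/27 19:55:58.100 3 {P} DSSetupClientInvokeWebParameters.cpp:214 - "
    "'DSDownloadSetupClient()' downloadUrl :https://vpn.example.test/dana-cached/sc/JuniperSetupClientInstaller.exe "
    f"00148,09 2014/04/27 19:55:58.872 1 {P} dsHttpImpl.cpp:122 - 'DSHttpImpl::sendRequest()' httpSendRequest failed "
    f"00197,09 2014/04/27 19:55:58.872 1 {P} DSSetupClientInvokeWebParameters.cpp:235 - "
    "'DSDownloadSetupClient()' http->downloadFile(vpn.example.test) error 1 "
    f"00156,09 2014/04/27 19:55:58.873 1 {P} JuniperSetupExt.cpp:287 - 'WinMain()' checkInstallation() failed, exit with -1."
)

if __name__ == "__main__":
    for (pid, tid), chain in setup_client_failures(parse(SAMPLE)).items():
        print(f"p{pid} t{tid}: host={chain['host']} chain={' -> '.join(chain['steps'])}")
```
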
Thanks for your response. No, this is not happening to all the end users. As I mentioned, the SEP got upgraded via some BigFix patch; it got installed on around 3,200 machines, and only a handful of them have reported the issue so far.
As far as SEP blocking anything is concerned, that should not be the case, as this is working fine for a lot of users; the same FW and policies are deployed on all the client machines.
The strange part is the error message in the logs (please refer to the pic attached), that 'SEP [Firewall] 12.1.5337.5000 does not comply with policy with our hostchecker policy', whereas 12.1.x is defined in both the 2.7.4 and 2.7.6 ESAP versions.
Is it a known behavior that, even when the FW version is mentioned in the ESAP, this error could still pop up in the logs?
The error message will appear if the setup client fails. This component is needed to launch HC. If the setup client is missing, then you will receive the HC error message.
Can the end user see if they can reach the EXE directly?
Sorry, but I'm not really sure which exe file you are referring to. Is it the dshostchecker.exe one that you're talking about?
00239,09 2014/01/02 21:33:14.730 3 zhubin JuniperExt.exe JuniperSetupExt p1328 t1110 DSSetupClientInvokeWebParameters.cpp:214 - 'DSDownloadSetupClient()' downloadUrl :https://dbrasweb-de.egslb.db.com/dana-cached/sc/JuniperSetupClientInstaller.exe
OK, thanks for the clarification. I'll have to confirm this with the users; I'll get back here with the results as soon as I have them.
I've confirmed with the users: they are able to run the URL directly and are also able to download the setup installer from there, but are still failing at HC.