How do I get more information about my hostchecker problem?
* Host Checker policy 'xxx' failed on host x.x.x.x . Reason: 'The rule 'Antivirus' evaluated to false.'.
I have included the appropriate Zone Labs components in the ESAP 1.3.2 hostchecker policy.
* ZoneAlarm Security Suite FW (7.x)
* ZoneAlarm Security Suite Antivirus (7.x)
As far as I know, the PCs with ZoneAlarm Security Suite (7.x) installed come up smelling of roses, so why is it failing?
Are there any logs I can check or tools I can use to find out why hostchecker doesn't work or thinks there is something wrong?
Here's a clip from EPCheck.log that seems to suggest the product is mis-named and it cannot find the FSRTP "ScanningProcess.exe". (I have checked that FSRTP is running and it did catch 'eicar.com'). ZoneAlarm 7.0.462 moved to Kaspersky for the antivirus scanner which brought the Antivirus and Spyware scanner under one single process instead of two. Is HostChecker looking for this second "ScanningProcess.exe" that used to exist in previous versions of ZoneAlarm?
2008/01/17 23:07:34.824 : "DebugId" 'OPSAVProviderContainer::CreateProvider' [Debug] OPSAVProviderContainer::CreateProvider: No AV object received for product id : MicrosoftAV
2008/01/17 23:07:34.824 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Unable to create provider for ProductID MicrosoftAV
2008/01/17 23:07:34.824 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Failed to get Provider
2008/01/17 23:07:34.824 : "DebugId" 'HCProviderContainer::GetProvider' [Debug] HCProviderContainer::GetProvider: Failed to get provider
2008/01/17 23:07:34.824 : "DebugId" 'DSAVCheck::CheckInstalledVersion()' [Debug] DSAVCheck::CheckInstalledVersion(): Unable to obtain the provider
2008/01/17 23:07:34.824 : "DebugId" 'OPSProviderContainer:: DllExists()' [Debug] OPSProviderContainer:: DllExists(): DLL .\AV\Check_PointAV.dll exists
2008/01/17 23:07:34.824 : "DebugId" 'OPSAVProvider::Version()' [Debug] OPSAVProvider::Version(): ***AV/AS Version = 7.0.462.000 ***
2008/01/17 23:07:34.824 : "DebugId" 'OPSAVProvider::GetProductName()' [Debug] OPSAVProvider::GetProductName(): ***AV/AS Product Name = ZoneAlarm Security Suite Antivirus ***
2008/01/17 23:07:34.824 : "DebugId" 'DSAVCheck::CheckInstalledVersion' [Debug] DSAVCheck::CheckInstalledVersion: Product name mismatch: ZoneAlarm (AntiVirus) | ZoneAlarm Security Suite Antivirus
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer:: DllExists()' [Debug] OPSProviderContainer:: DllExists(): DLL .\AV\Zone_Labs.dll exists
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProviderContainer::CreateProvider' [Debug] OPSAVProviderContainer::CreateProvider: No AV object received for product id : ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Unable to create provider for ProductID ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Failed to get Provider
2008/01/17 23:07:34.840 : "DebugId" 'HCProviderContainer::GetProvider' [Debug] HCProviderContainer::GetProvider: Failed to get provider
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion()' [Debug] DSAVCheck::CheckInstalledVersion(): Unable to obtain the provider
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProvider::Version()' [Debug] OPSAVProvider::Version(): ***AV/AS Version = 7.0.462.000 ***
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProvider::GetProductName()' [Debug] OPSAVProvider::GetProductName(): ***AV/AS Product Name = ZoneAlarm Security Suite Antivirus ***
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion' [Debug] DSAVCheck::CheckInstalledVersion: Product name mismatch: ZoneAlarm Anti-virus | ZoneAlarm Security Suite Antivirus
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProviderContainer::CreateProvider' [Debug] OPSAVProviderContainer::CreateProvider: No AV object received for product id : ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Unable to create provider for ProductID ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Failed to get Provider
2008/01/17 23:07:34.840 : "DebugId" 'HCProviderContainer::GetProvider' [Debug] HCProviderContainer::GetProvider: Failed to get provider
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion()' [Debug] DSAVCheck::CheckInstalledVersion(): Unable to obtain the provider
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProviderContainer::CreateProvider' [Debug] OPSAVProviderContainer::CreateProvider: No AV object received for product id : ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Unable to create provider for ProductID ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Failed to get Provider
2008/01/17 23:07:34.840 : "DebugId" 'HCProviderContainer::GetProvider' [Debug] HCProviderContainer::GetProvider: Failed to get provider
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion()' [Debug] DSAVCheck::CheckInstalledVersion(): Unable to obtain the provider
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProvider::Version()' [Debug] OPSAVProvider::Version(): ***AV/AS Version = 7.0.462.000 ***
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProvider::GetProductName()' [Debug] OPSAVProvider::GetProductName(): ***AV/AS Product Name = ZoneAlarm Security Suite Antivirus ***
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProvider::IsVirDefFileAgeWithin()' [Debug] OPSAVProvider::IsVirDefFileAgeWithin(): ***AV/AS Virus Definition File is 0 days old ***
2008/01/17 23:07:34.840 : "DebugId" 'DSCheckData::GetString' [Debug] DSCheckData::GetString: unable to get value for key VirusDefsUTD
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion' [Debug] DSAVCheck::CheckInstalledVersion: FSRTP supported, we will not check for the services
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProvider::IsFSRTP_ON()' [Debug] OPSAVProvider::IsFSRTP_ON(): FSRTP state is Disabled
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion' [Debug] DSAVCheck::CheckInstalledVersion: "File System Real Time Protection" is OFF
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProviderContainer::CreateProvider' [Debug] OPSAVProviderContainer::CreateProvider: No AV object received for product id : ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Unable to create provider for ProductID ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Failed to get Provider
2008/01/17 23:07:34.840 : "DebugId" 'HCProviderContainer::GetProvider' [Debug] HCProviderContainer::GetProvider: Failed to get provider
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion()' [Debug] DSAVCheck::CheckInstalledVersion(): Unable to obtain the provider
2008/01/17 23:07:34.840 : "DebugId" '[dsAYTPreDef::AYT()]' [Debug] [dsAYTPreDef::AYT()]: ##### Predefined Rule check Failed #####
Message Edited by Dan on 01-17-2008 04:49 PM
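A triage sketch for the EPCheck.log excerpt above, added here as an example and not part of the original post or of Host Checker itself: it collapses the repeated debug lines into the few facts that decide the Antivirus rule. The names `summarize`, `SAMPLE` and the result keys are hypothetical; the line layout and message texts are taken only from the lines quoted in the post.

```python
import re
from collections import Counter

# Lines copied from the EPCheck.log excerpt in the post above (not a full log).
SAMPLE = r"""
2008/01/17 23:07:34.824 : "DebugId" 'OPSAVProviderContainer::CreateProvider' [Debug] OPSAVProviderContainer::CreateProvider: No AV object received for product id : MicrosoftAV
2008/01/17 23:07:34.824 : "DebugId" 'OPSAVProvider::Version()' [Debug] OPSAVProvider::Version(): ***AV/AS Version = 7.0.462.000 ***
2008/01/17 23:07:34.824 : "DebugId" 'OPSAVProvider::GetProductName()' [Debug] OPSAVProvider::GetProductName(): ***AV/AS Product Name = ZoneAlarm Security Suite Antivirus ***
2008/01/17 23:07:34.824 : "DebugId" 'DSAVCheck::CheckInstalledVersion' [Debug] DSAVCheck::CheckInstalledVersion: Product name mismatch: ZoneAlarm (AntiVirus) | ZoneAlarm Security Suite Antivirus
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProviderContainer::CreateProvider' [Debug] OPSAVProviderContainer::CreateProvider: No AV object received for product id : ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion' [Debug] DSAVCheck::CheckInstalledVersion: Product name mismatch: ZoneAlarm Anti-virus | ZoneAlarm Security Suite Antivirus
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProvider::IsVirDefFileAgeWithin()' [Debug] OPSAVProvider::IsVirDefFileAgeWithin(): ***AV/AS Virus Definition File is 0 days old ***
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProvider::IsFSRTP_ON()' [Debug] OPSAVProvider::IsFSRTP_ON(): FSRTP state is Disabled
2008/01/17 23:07:34.840 : "DebugId" '[dsAYTPreDef::AYT()]' [Debug] [dsAYTPreDef::AYT()]: ##### Predefined Rule check Failed #####
"""

# One log line as seen in the excerpt: timestamp : "DebugId" 'function' [level] message
LINE = re.compile(r"""^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{3} : "DebugId" '[^']*' \[\w+\] (.*)$""")
FIELDS = {
    "version": re.compile(r"AV/AS Version = (\S+)"),
    "product": re.compile(r"AV/AS Product Name = (.+?) \*\*\*"),
    "defs_age_days": re.compile(r"Virus Definition File is (\d+) days old"),
    "fsrtp_state": re.compile(r"FSRTP state is (\w+)"),
}
NO_PROVIDER = re.compile(r"No AV object received for product id : (\S+)")
MISMATCH = re.compile(r"Product name mismatch: (.+?) \| (.+)$")

def summarize(log_text):
    """Reduce an EPCheck.log excerpt to the values the AV check logged."""
    out = {"no_provider": Counter(), "mismatches": [], "rule_failed": False, "unparsed": 0}
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = LINE.match(raw)
        if not m:                      # wrapped or truncated line: count it, don't guess
            out["unparsed"] += 1
            continue
        msg = m.group(1)
        for key, rx in FIELDS.items():
            if (hit := rx.search(msg)):
                out[key] = hit.group(1)
        if (hit := NO_PROVIDER.search(msg)):
            out["no_provider"][hit.group(1)] += 1
        if (hit := MISMATCH.search(msg)) and hit.groups() not in out["mismatches"]:
            out["mismatches"].append(hit.groups())   # (left name, right name) as logged
        out["rule_failed"] |= "Predefined Rule check Failed" in msg
    return out
```

In the excerpt, the right-hand name in each mismatch pair is the one `OPSAVProvider::GetProductName()` reports, and the summary places it beside the logged FSRTP state so both findings can be read together.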