cancel
Showing results for 
Search instead for 
Did you mean: 

ZoneAlarm Security Suite (7.x) not working with HostChecker

Highlighted
Not applicable

ZoneAlarm Security Suite (7.x) not working with HostChecker

How do I get more information about my hostchecker problem?
* Host Checker policy 'xxx' failed on host x.x.x.x . Reason: 'The rule 'Antivirus' evaluated to false.'.
I have included the appropriate Zone Labs components in the ESAP 1.3.2 hostchecker policy.
* ZoneAlarm Security Suite FW (7.x)
* ZoneAlarm Security Suite Antivirus (7.x)
As far as I know, the PCs with ZoneAlarm Security Suite (7.x) installed, come up smelling of roses so why is it failing?
Are there any logs I can check or tools I can use to find out why hostchecker doesn't work or thinks there is something wrong?
Here's an clip from EPCheck.log that seems to suggest the product is mis-named and it cannot find the FSRTP "ScanningProcess.exe". (I have checked that FSRTP is running and it did catch 'eicar.com'). ZoneAlarm 7.0.462 moved to Kaspersky for the antivirus scanner which brought the Antivirus and Spyware scanner under one single process instead of two. Is HostChecker looking for this second "ScanningProcess.exe" that used to exist in previous versions of ZoneAlarm?
2008/01/17 23:07:34.824 : "DebugId" 'OPSAVProviderContainer::CreateProvider' [Debug] OPSAVProviderContainer::CreateProvider: No AV object received for product id : MicrosoftAV
2008/01/17 23:07:34.824 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Unable to create provider for ProductID MicrosoftAV
2008/01/17 23:07:34.824 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Failed to get Provider
2008/01/17 23:07:34.824 : "DebugId" 'HCProviderContainer::GetProvider' [Debug] HCProviderContainer::GetProvider: Failed to get provider
2008/01/17 23:07:34.824 : "DebugId" 'DSAVCheck::CheckInstalledVersion()' [Debug] DSAVCheck::CheckInstalledVersion(): Unable to obtain the provider
2008/01/17 23:07:34.824 : "DebugId" 'OPSProviderContainer:: DllExists()' [Debug] OPSProviderContainer:: DllExists(): DLL .\AV\Check_PointAV.dll exists
2008/01/17 23:07:34.824 : "DebugId" 'OPSAVProvider::Version()' [Debug] OPSAVProvider::Version(): ***AV/AS Version = 7.0.462.000 ***
2008/01/17 23:07:34.824 : "DebugId" 'OPSAVProvider::GetProductName()' [Debug] OPSAVProvider::GetProductName(): ***AV/AS Product Name = ZoneAlarm Security Suite Antivirus ***
2008/01/17 23:07:34.824 : "DebugId" 'DSAVCheck::CheckInstalledVersion' [Debug] DSAVCheck::CheckInstalledVersion: Product name mismatch: ZoneAlarm (AntiVirus) | ZoneAlarm Security Suite Antivirus
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer:: DllExists()' [Debug] OPSProviderContainer:: DllExists(): DLL .\AV\Zone_Labs.dll exists
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProviderContainer::CreateProvider' [Debug] OPSAVProviderContainer::CreateProvider: No AV object received for product id : ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Unable to create provider for ProductID ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Failed to get Provider
2008/01/17 23:07:34.840 : "DebugId" 'HCProviderContainer::GetProvider' [Debug] HCProviderContainer::GetProvider: Failed to get provider
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion()' [Debug] DSAVCheck::CheckInstalledVersion(): Unable to obtain the provider
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProvider::Version()' [Debug] OPSAVProvider::Version(): ***AV/AS Version = 7.0.462.000 ***
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProvider::GetProductName()' [Debug] OPSAVProvider::GetProductName(): ***AV/AS Product Name = ZoneAlarm Security Suite Antivirus ***
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion' [Debug] DSAVCheck::CheckInstalledVersion: Product name mismatch: ZoneAlarm Anti-virus | ZoneAlarm Security Suite Antivirus
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProviderContainer::CreateProvider' [Debug] OPSAVProviderContainer::CreateProvider: No AV object received for product id : ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Unable to create provider for ProductID ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Failed to get Provider
2008/01/17 23:07:34.840 : "DebugId" 'HCProviderContainer::GetProvider' [Debug] HCProviderContainer::GetProvider: Failed to get provider
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion()' [Debug] DSAVCheck::CheckInstalledVersion(): Unable to obtain the provider
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProviderContainer::CreateProvider' [Debug] OPSAVProviderContainer::CreateProvider: No AV object received for product id : ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Unable to create provider for ProductID ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Failed to get Provider
2008/01/17 23:07:34.840 : "DebugId" 'HCProviderContainer::GetProvider' [Debug] HCProviderContainer::GetProvider: Failed to get provider
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion()' [Debug] DSAVCheck::CheckInstalledVersion(): Unable to obtain the provider
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProvider::Version()' [Debug] OPSAVProvider::Version(): ***AV/AS Version = 7.0.462.000 ***
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProvider::GetProductName()' [Debug] OPSAVProvider::GetProductName(): ***AV/AS Product Name = ZoneAlarm Security Suite Antivirus ***
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProvider::IsVirDefFileAgeWithin()' [Debug] OPSAVProvider::IsVirDefFileAgeWithin(): ***AV/AS Virus Definition File is 0 days old ***
2008/01/17 23:07:34.840 : "DebugId" 'DSCheckData::GetString' [Debug] DSCheckData::GetString: unable to get value for key VirusDefsUTD
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion' [Debug] DSAVCheck::CheckInstalledVersion: FSRTP supported, we will not check for the services
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProvider::IsFSRTP_ON()' [Debug] OPSAVProvider::IsFSRTP_ON(): FSRTP state is Disabled
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion' [Debug] DSAVCheck::CheckInstalledVersion: "File System Real Time Protection" is OFF
2008/01/17 23:07:34.840 : "DebugId" 'OPSAVProviderContainer::CreateProvider' [Debug] OPSAVProviderContainer::CreateProvider: No AV object received for product id : ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Unable to create provider for ProductID ZoneLabs
2008/01/17 23:07:34.840 : "DebugId" 'OPSProviderContainer::GetProvider' [Debug] OPSProviderContainer::GetProvider: Failed to get Provider
2008/01/17 23:07:34.840 : "DebugId" 'HCProviderContainer::GetProvider' [Debug] HCProviderContainer::GetProvider: Failed to get provider
2008/01/17 23:07:34.840 : "DebugId" 'DSAVCheck::CheckInstalledVersion()' [Debug] DSAVCheck::CheckInstalledVersion(): Unable to obtain the provider
2008/01/17 23:07:34.840 : "DebugId" '[dsAYTPreDef::AYT()]' [Debug] [dsAYTPreDef::AYT()]: ##### Predefined Rule check Failed #####


Message Edited by Dan on 01-17-2008 04:49 PM
3 REPLIES 3
Highlighted
Frequent Contributor

Re: ZoneAlarm Security Suite (7.x) not working with HostChecker

Have you run through this Resolution Guide? http://kb.pulsesecure.net/KB9625 (type 'hostchecker' in http://kb.pulsesecure.net to find. ) Once you run through that, if it stil doesn't work I'd recomend opening a case with JTAC - the RG will prompt you for the log data to collect in advance so should save a little time on the case handling.

 

But this line:

 

2008/01/17 23:07:34.824 : "DebugId" 'DSAVCheck::CheckInstalledVersion' [Debug] DSAVCheck::CheckInstalledVersion: Product name mismatch: ZoneAlarm (AntiVirus) | ZoneAlarm Security Suite Antivirus

 

looks suspicious.

 

Regards,

 

-Keith
Highlighted
Occasional Contributor

Re: ZoneAlarm Security Suite (7.x) not working with HostChecker

I had the same problem, many of the checks in ESAP are bad. I have had numerous support cases opened.
To see what is going on, on the User Roles > (one of the roles > General > Session Options, scroll down and select "Enable Upload Logs". Now go to System > Configuration > Client Logs. Select "Host Checker".
Try to client that is failing the AV checks. Now on that workstation in Window Explorer go to: Documents and Settings\(user name)\Application Data\Juniper Networks\EPCheck and open the logs EPCheck.log. Scroll down and find the AV that is failing, you will see some reasons (pattern too old, etc.) If is shows the name is not recognized as it should the check was not made correctly (Juniper programmers) and you need to open a support case.
ESAP 1.3.2 is the newest and the best so far, but still fails to recognize many antivirus packages correctly, even though they are listed as supported. And forget about Microsoft Live OneCare, I opened a case at ver 1.6 and when they finally got a check fixed for it the verision jumped to 2.0!
Good Luck (you will need it!)
Highlighted
Contributor

Re: ZoneAlarm Security Suite (7.x) not working with HostChecker

Dan,
This issue is resolved with ESAP package 1.3.3 which is currently released. You can find the release at the following location:
Authentication will be required.
Regards,
Jahmal