Re: host checker mcafee issue

lapluk_ · ‎11-14-2011

Hi ,

does any boody find a solution for host checer and mcafee

i upgreded Esap to 1.8.0.0 but stil

1.

Antivirus

Reasons:

McAfee VirusScan Enterprise 8.7.0.570 does not comply with policy. Compliance requires latest virus definition files.

Frostie_ · ‎11-14-2011

Hello,

We have no problem with ESAP 1.8 and McAfee Enterpriese 8.7.0.570.

What IVE OS Version do you use?

lapluk_ · ‎11-14-2011

hi,

System Version
7.1R4.1 (build 19525)

how your rule looks like?

mine:

The following check is supported by these Antivirus products. For any other products, this check will be ignored.

Successful System Scan must have been performed in the last: days.

Consider this rule as passed if 'Full System Scan' was started successfully as remediation.

The following check is supported by these Antivirus products. For any other products, this check will be ignored. For this check to be effective, enable the 'Auto-update virus signatures list' option or manually import the virus signatures list on Endpoint Security page.

Virus Definition files should not be older than Updates.

Note: The maximum update value entry should be in the range of 1-10

Monitor this rule for change in result

Frostie_ · ‎11-14-2011

I can«t see your rule settings. There is no picture.

We use 7.0R7 (build 18809)

Our settings are:

__- Virus Definition files should not be older than 6 Updates

- Monitor this rule for change in result

- The " Successful System Scan must have been performed in the last x days " option is not set.

- The McAfee Enterprise is selected by Vendor "McAfee"

I«ve made the experience that different IVE OS Versions can result in different behaviours of the HC.

I had an issue with HC (ESAP 1.7.5 or 1.7.6), where it did not detect the virus definition of TrendMicro.

After upgrading the IVE from 7.0R4 to 7.0R7, the issue were gone. Without updating ESAP.

Maybe your problem isn«t only an issue with HC, but in combination with IVE 7.1 .

______

mjb_ · ‎11-14-2011

No problems with McAfee here. Our rules are similar to Frostie:

We have:

Rule Name: McAfee_Check

Require specific product: McAfee VirusScan Enterprise (8.x)

> No recent system scan required

> Virus defs not older than 8 updates

> Not reporting status change

Rule Name: Registry_Setting-EPOAGENT

checks for: \SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\EPOAGENT3000

The host checker policy uses this custom rule:

(Registry_Setting-EPOAGENT) and (McAfee_Check) and (xxx_Certificate_CA1 or xxx_Certificate_CA2)

lapluk_ · ‎11-15-2011

Hi,

sorry for that

so i set it up according your box but still same issue

i was using 2 ive soft version and 3 host checkers and same here

In attchament you can find my settings

am i missing something ?

in roles

Allow users whose workstations meet the requirements specified by these Host Checker policies: police seleceted

and in relam

Evaluate Policies

Require and Enforce

Inyoka_ · ‎11-16-2011

Hi!

Our McAfee Anti-Virus is recognized as McAfee Antispyware, youmay want to try that.

AJA_ · ‎11-16-2011

Hello Lapluk,

I suggest you to open a ticket with the JTAC for further assistance.

However, before opening the case with JTAC, please ensure to collect the below as the below will be needed by the JTAC.

- Download the "oesisdiagnose.exe" file attached to the case and copy the same to your "host checker" folder on the C
drive. The attached file is "OesisDiagnose.TXT" - Please rename is to "OesisDiagnose.exe" after download.

NOTE:

Normally, the location is the below:

C:\Documents and Settings\username\Application Data\Juniper Networks\Host Checker:

- Double click / execute the OesisDiagnose.exe file and it would give you a OesisDiagnose.log file.

- McAfee installer file and the key if any, so that JTAC can install the same and test it.

- Screenshot of the host check configuration page for McAfee checks.

- Screenshot of the McAfee application showing all the detail of the software.

- Please also ensure to collect the client side logs from the computer for a failure session.

Please refer http://www.juniper.net/techpubs/software/ive/admin/j-sa-sslvpn-7.1-clientsidechanges.pdf for more detail on where exactly do we store the logs as we do have differences in the location compared to Windows XP and Windows Vista OR Windows 7.

NOTE:

Ensure to enable client side logging on the IVE under : Log/Monitoring - Client Settings - Settings - Check / Enable Host Checker

Hope the above helps you.

AJA_ · ‎11-28-2011

Hello Frostie,

Just to let you know ESAP 1.8.1 is out - You can try this to check if your issue get's resolved.

Software Download:

https://download.juniper.net/software/ive/releases/esap/1.8.1/j-esap-1.8.1.pkg

Checksum : B5B9DE7F96846FB9721395EFCD6724E2

Supported Products List:

https://download.juniper.net/software/ive/releases/esap/1.8.1/j-esap-1.8.1-supportedproducts.pdf

Release Notes:

https://download.juniper.net/software/ive/releases/esap/1.8.1/j-esap-1.8.1-releasenotes.pdf

Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks

SF_Dan_ · ‎01-12-2012

This was resolved with ESAP 1.8.2. 1.8.0 broke mcafee and it took them 2 months to fix it.