does any boody find a solution for host checer and mcafee
i upgreded Esap to 184.108.40.206 but stil
We have no problem with ESAP 1.8 and McAfee Enterpriese 220.127.116.110.
What IVE OS Version do you use?
7.1R4.1 (build 19525)
how your rule looks like?
|Monitor this rule for change in result|
I can«t see your rule settings. There is no picture.
We use 7.0R7 (build 18809)
Our settings are:
__- Virus Definition files should not be older than 6 Updates
- Monitor this rule for change in result
- The " Successful System Scan must have been performed in the last x days " option is not set.
- The McAfee Enterprise is selected by Vendor "McAfee"
I«ve made the experience that different IVE OS Versions can result in different behaviours of the HC.
I had an issue with HC (ESAP 1.7.5 or 1.7.6), where it did not detect the virus definition of TrendMicro.
After upgrading the IVE from 7.0R4 to 7.0R7, the issue were gone. Without updating ESAP.
Maybe your problem isn«t only an issue with HC, but in combination with IVE 7.1 .
No problems with McAfee here. Our rules are similar to Frostie:
Rule Name: McAfee_Check
Require specific product: McAfee VirusScan Enterprise (8.x)
> No recent system scan required
> Virus defs not older than 8 updates
> Not reporting status change
Rule Name: Registry_Setting-EPOAGENT
checks for: \SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\EPOAGENT3000
The host checker policy uses this custom rule:
(Registry_Setting-EPOAGENT) and (McAfee_Check) and (xxx_Certificate_CA1 or xxx_Certificate_CA2)
sorry for that
so i set it up according your box but still same issue
i was using 2 ive soft version and 3 host checkers and same here
In attchament you can find my settings
am i missing something ?
Allow users whose workstations meet the requirements specified by these Host Checker policies: police seleceted
and in relam
|Evaluate Policies||Require and Enforce|
Our McAfee Anti-Virus is recognized as McAfee Antispyware, youmay want to try that.
I suggest you to open a ticket with the JTAC for further assistance.
However, before opening the case with JTAC, please ensure to collect the below as the below will be needed by the JTAC.
- Download the "oesisdiagnose.exe" file attached to the case and copy the same to your "host checker" folder on the C
drive. The attached file is "OesisDiagnose.TXT" - Please rename is to "OesisDiagnose.exe" after download.
Normally, the location is the below:
C:\Documents and Settings\username\Application Data\Juniper Networks\Host Checker:
- Double click / execute the OesisDiagnose.exe file and it would give you a OesisDiagnose.log file.
- McAfee installer file and the key if any, so that JTAC can install the same and test it.
- Screenshot of the host check configuration page for McAfee checks.
- Screenshot of the McAfee application showing all the detail of the software.
- Please also ensure to collect the client side logs from the computer for a failure session.
Please refer http://www.juniper.net/techpubs/software/ive/admin/j-sa-sslvpn-7.1-clientsidechanges.pdf for more detail on where exactly do we store the logs as we do have differences in the location compared to Windows XP and Windows Vista OR Windows 7.
Ensure to enable client side logging on the IVE under : Log/Monitoring - Client Settings - Settings - Check / Enable Host Checker
Hope the above helps you.
Just to let you know ESAP 1.8.1 is out - You can try this to check if your issue get's resolved.
Checksum : B5B9DE7F96846FB9721395EFCD6724E2
Supported Products List:
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks
This was resolved with ESAP 1.8.2. 1.8.0 broke mcafee and it took them 2 months to fix it.