Hello,
Microsoft upgraded me to the 1809 Release and my customer uses the Pulse Secure client to log onto the VPN. I get a conformity issue because it seems that Opswat is no longer recognizing the restructured Defender. This is what I find in the log:
00163,09 2018/10/09 13:53:13.438 3 SYSTEM PulseSecureService.exe OpswatIMC p132528 t46B38 opsantivirusclient.cpp:129 - 'OpswatImcColData' collecting Antivirus information
00174,09 2018/10/09 13:53:13.979 4 SYSTEM PulseSecureService.exe hcUtils p132528 t46B38 hcUtilsWin.cpp:227 - 'getGMTBias' TimeZone: Mitteleuropäische Sommerzeit GMT Offset: 120 mins
00157,09 2018/10/09 13:53:13.979 3 SYSTEM PulseSecureService.exe OpswatIMC p132528 t46B38 opsantivirusclient.cpp:156 - 'OpswatImcColData' No Antivirus is installed
00194,09 2018/10/09 13:53:13.979 4 SYSTEM PulseSecureService.exe OpswatIMC p132528 t46B38 opsintegritydata.cpp:53 - 'getIMVMessage' IMV Message : <parameter name="AntiVirus" value="is_installed=NO;"> :
00193,09 2018/10/09 13:53:13.979 4 SYSTEM PulseSecureService.exe OpswatIMC p132528 t46B38 opsantivirusdata.cpp:41 - 'toImvMessage' IMV Message : <parameter name="AntiVirus" value="is_installed=NO;"> :
Best Regards
Hello,
I recommend opening a support case to collect logs and troubleshoot the issue.
Adding my debug log. It can be seen there that at the beginning PulseSecureService.exe identifies Windows Defender successfully (with two statuses? Antivirus[Enabled] and AntiSpyware[Disabled]), but at the end OPSWAT states that no Antivirus is found. I hope this helps get a bit closer to the root issue. No time to open a ticket.
SoHHandler.cpp:120 - 'SoHHandler::PopulateHealthDetails' Antivirus Product details - Name : Windows Defender, State - 397568, Status : Enabled - up-to-date
00238,09 2018/10/30 09:27:53.277 3 SYSTEM PulseSecureService.exe SohIMC p6012 t26F8 SoHHandler.cpp:187 - 'SoHHandler::PopulateHealthDetails' AntiSpyware Product details - Name : Windows Defender, State - 397568, Status : not enabled - up-to-date
00125,09 2018/10/30 09:27:53.282 3 SYSTEM PulseSecureService.exe SohIMC p6012 t26F8 SoHHandler.cpp:436 - 'SOHHandler' Health value:0
........
00160,09 2018/10/30 09:28:02.329 3 SYSTEM PulseSecureService.exe OpswatIMC p6012 t26F8 opsantivirusclient.cpp:129 - 'OpswatImcColData' collecting Antivirus information
00154,09 2018/10/30 09:28:08.724 3 SYSTEM PulseSecureService.exe OpswatIMC p6012 t26F8 opsantivirusclient.cpp:156 - 'OpswatImcColData' No Antivirus is installed
Which version of Pulse Secure client are you currently running?
Pulse Secure is currently qualifying Windows 10 Redstone 5 (Version 1809) and will have updates for supported versions on our KB, located at
KB43907 - Support for Windows 10 Redstone 5 (Version 1809)
Hello Janar,
The SOH (Statement of Health) messages can be ignored. To get details about OPSWAT, you'll need to increase the log level to Detailed within the Pulse client. This should give more details in level 4 and 5 about the AV detected and the results.
Are you only detecting for Windows Defender?
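Added example, not part of the thread and not Pulse Secure or OPSWAT code: a small triage script that parses debug log lines like the ones posted above and flags the case discussed here, where SohIMC reports Windows Defender as enabled while OpswatIMC reports no antivirus installed. The field layout is inferred from the excerpts in this thread, the sample lines are constructed from them, and `triage` and its result keys are names chosen for this example.

```python
import re

# Field layout inferred from the log excerpts in this thread (an assumption, not vendor documentation).
LINE = re.compile(
    r"^(?P<hdr>\d+,\d+) (?P<ts>\d{4}/\d\d/\d\d [\d:.]+) (?P<level>\d) (?P<user>\S+) "
    r"(?P<proc>\S+) (?P<comp>\S+) p(?P<pid>\d+) t(?P<tid>[0-9A-Fa-f]+) "
    r"(?P<src>\S+:\d+) - '(?P<func>[^']*)' (?P<msg>.*)$")
SOH = re.compile(r"(?P<kind>\w+) Product details - Name : (?P<name>[^,]+), "
                 r"State - (?P<state>\d+), Status : (?P<status>.+)$")
IMV = re.compile(r'<parameter name="(?P<name>[^"]+)" value="(?P<value>[^"]*)">')

# Constructed sample modelled on the second log excerpt; the first line's prefix is made up.
SAMPLE = """\
00238,09 2018/10/30 09:27:53.270 3 SYSTEM PulseSecureService.exe SohIMC p6012 t26F8 SoHHandler.cpp:120 - 'SoHHandler::PopulateHealthDetails' Antivirus Product details - Name : Windows Defender, State - 397568, Status : Enabled - up-to-date
00238,09 2018/10/30 09:27:53.277 3 SYSTEM PulseSecureService.exe SohIMC p6012 t26F8 SoHHandler.cpp:187 - 'SoHHandler::PopulateHealthDetails' AntiSpyware Product details - Name : Windows Defender, State - 397568, Status : not enabled - up-to-date
........
00160,09 2018/10/30 09:28:02.329 3 SYSTEM PulseSecureService.exe OpswatIMC p6012 t26F8 opsantivirusclient.cpp:129 - 'OpswatImcColData' collecting Antivirus information
00154,09 2018/10/30 09:28:08.724 3 SYSTEM PulseSecureService.exe OpswatIMC p6012 t26F8 opsantivirusclient.cpp:156 - 'OpswatImcColData' No Antivirus is installed
""".splitlines()

def triage(lines):
    """Summarise what SohIMC and OpswatIMC each reported in one log excerpt."""
    out = {"soh": [], "opswat": {}, "max_level": 0, "unparsed": 0}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:  # truncated or elided lines are counted, not guessed at
            out["unparsed"] += 1
            continue
        out["max_level"] = max(out["max_level"], int(m["level"]))
        msg = m["msg"]
        if m["comp"] == "SohIMC" and (s := SOH.search(msg)):
            out["soh"].append((s["kind"], s["name"], s["status"]))
        elif m["comp"] == "OpswatIMC":
            if p := IMV.search(msg):
                # value is a ';'-separated list of key=value pairs, e.g. is_installed=NO;
                pairs = dict(kv.split("=", 1) for kv in p["value"].split(";") if "=" in kv)
                out["opswat"].setdefault(p["name"], {}).update(pairs)
            elif "No Antivirus is installed" in msg:
                out["opswat"].setdefault("AntiVirus", {})["is_installed"] = "NO"
    soh_av = any(k == "Antivirus" and st.startswith("Enabled") for k, _, st in out["soh"])
    opswat_av = out["opswat"].get("AntiVirus", {}).get("is_installed")
    out["mismatch"] = soh_av and opswat_av == "NO"
    # Heuristic: no level 4/5 lines suggests the client log level is not yet set to Detailed.
    out["needs_detailed_logging"] = out["max_level"] < 4
    return out
```

Running `triage(SAMPLE)` reports the SoH/OPSWAT mismatch and that only level 3 lines are present, which is the point at which raising the client log level to Detailed is the next step.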