Some info on Mavericks, which is not yet currently supported: http://kb.pulsesecure.net/InfoCenter/index?page=content&id=kb28278 ... View more

We're likely going to need to get HC logs, so at this point I would recommend opening up a case with JTAC and we will have someone jump on this and get to debugging it. It sounds like some kind of memory leak and likely it is not due to the OS but more likely some other application. Do you know if there is any anti-spyware or AV app running on the same PC? Has anyone tried disabling that for those few days to see if HC still goes up to 100%? Is it reproducible on a stand-alone PC in your lab (say one with basic apps and nobody using it)? This would help us narrow down what is going on. Another thought could be corrupt policy information from the SA but likely that would affect all systems not just a few. ... View more

Looking into this. Nothing comes to mind as a known issue. We have thousands of customers using Host Checker, each with hundreds to thousands of users per deployment. This is the first time I've heard of Host Checker consuming 100% CPU on the client. What other software is running on your PC or those dozen or so PCs? Is there some commonality? Did you double check the registry settings for Host Checker and also in the registry? I wonder if the key is in some incompatible format (e.g. hex vs. string) or something like that? Kevin ... View more

This is definitely on our radar and at some point, we will qualify it "officially". ... View more

This is certainly something we can keep in mind for a future revision. In the mean time, you're suggestion might be the best one. Craft a check for a process which you know would only be there for the specific OS. "Explorer.exe" for Windows and perhaps something related to "init" on Linux/Mac OS. You will note we have different Host Check policies in the Admin UI, however, I will remind you these only define which clients get which executables/policies, it does not change the checking per se. These are based on user-agent and thusly, a more refined host check as I specified above, would be a more reliable way to do this enforcement. Regards, Kevin ... View more

Yes, you're right, security must come in multiple layers, a simple domain name or otherwise registry entry is insufficient. I agree a Machine Cert would be much more ideal. As to whether we are looking at doing something in this space in the future, if you have any suggestions on something specific, please let us know. We are always open to our customers' suggestions. There are likely various plays here including DLP, TPM, HW profiling, etc... ... View more

Yes, this is correct. Now that Leopard is released, Juniper Dev/QA is finalizing the support for the GA Leopard code. We have been testing with Leopard (with the help of the Apple Dev team) for some time now and will soon be launching a new release of IVE code which supports Mac OS Leopard. For those who can't wait, there is a work-around available by adding a new symlink for a missing shared SSL library, which Leopard did not ship with, which has proven to resolve issues with NC on existing IVE code. ... View more