I upgraded 3 PSA devices this week from 9.1r11 to 9.1r12, and updated the ESAP package from 3.8.1 to 3.8.2 last night. Since the 3.8.2 update, no machine with Windows Defender has been able to pass the Host Checker (AV policy). Rolling back to 3.8.1 fixes this problem. Looking at the release notes for 3.8.2, PRS-401804 is noted as resolved; it appears not to be.
They changed the default behavior of the Pulse client (but I don't recall which version). Formerly, the Pulse client would not disconnect if you were using remote desktop and disconnected from your remote desktop session, but now, when you disconnect the remote desktop session, the Pulse client drops the tunnel. The 'logic' behind this is that there's no way for the Pulse client to determine if you've reconnected, or if a different user logs in. If you were to reconnect, then there wouldn't be any security issues, but if a different user logs in, they'd be able to use your existing tunnel because there's no 'simple' way in Windows to limit connections via network interfaces to specific users.

I think they should have implemented this so that you can only establish a connection if a single user is logged in. Also, if a connection is active and that user disconnects, the tunnel /should/ remain active until 1) it times out or 2) any other user's remote desktop session is activated.

My solution to this is to use two machines like so:

1) From my desktop, I connect via RDP to pc1.
2) From pc1, I RDP to pc2.
3) From pc2, I use the Pulse client to connect to a remote VPN.
4) If I disconnect the connection from my desktop to pc1, the connection from pc1 to pc2 remains active and thus my Pulse Secure session stays active until it times out.