02-25-2012 05:01 PM
I just updated my Avast Home Edition to 7.0.1407. When I tried to login to my office PC (with Bank of Montreal) with RSA, I failed because Host Checker complained ". Does anyone else have similar problem? Thank you.
|1.||Antivirus Not Accepted / Antivirus non accepte"|
02-26-2012 04:04 PM
I have the exact same problem with this since several days ago when my Avast Internet Security was upgrade to their latest version v7.0.1407. This has never been a problem before in the past and I have been using Avast in conjunction with Juniper SSL VPN for more than a year.
Can this be looked into urgently by Juniper support as this is preventing me from accessing my company's intranet from home!
This is the error message I am getting:
02-26-2012 04:08 PM
03-05-2012 06:12 AM
I already logged a JTAC case. Here is a reply from JTAC support a few days ago:
We had raised an internal ticket with OPSWAT and got the update that they are targeting avast! Internet Security (7.x) antivirus for an April end release. We have asked them to check if they can prepone this date and are waiting for their update on it. Please refer KB22348 in order to create a process check based host checker policy, if this fulfills as a workaround till then.
In the mean time, I have installed MSE to get around this issue. But I only enable MSE when I have to get onto my Corporate VPN. Otherwise I disable it on my computer.
04-17-2012 01:51 PM - edited 04-17-2012 01:52 PM
I am wondering why the turn around time is so long (it will be about 2 months according to the plan). The original purpose of using anti-virus software is to prevent the virus. In order to achieve this goal, every anti-virus software provider always emphasizes that you need to use the most up-to-date version and keep the virus definition file most up-to-date as well. It is regretful that I have to compromise this condition just because Juniper cannot finish the tests. In the future, can we expect that juniper works closely with those companies and tries to finish the tests within the days of the new release?
04-18-2012 06:42 AM
I understand the frustration, I will try and give an overview of how Juniper gets products into the ESAP package used by Host Checker as that it is something we do not directly control.
The ESAP packages used on the SA uses the OESIS framework which is supplied by OPSWAT (http://www.opswat.com/products/oesis-framework). OPSWAT are an industry leader for this technology and they work with the multitude of vendors and their security products.
When a Juniper customer reports that a product/version is not included in the current ESAP we have them collect data from the OESIS Diagnose tool on one of their client PCs, then a ticket is opened with OPSWAT requesting support be added to a future OESIS SDK. They need to analyze and code how they will get the various states from the product that need to be reported, using the vendor's APIs where possible. Once OPSWAT release that Juniper can then create a new ESAP package with it.
At each step there needs to be testing and verification and there can be delays for various reasons, which is why it is recommended to request the software vendor become certified with OPSWAT (http://www.opswat.com/certified) so that they collaborate with them to help reduce the turnaround time for inclusion of products/versions and enhance what can be offered via Host Checker (http://www.opswat.com/certified/partners/why-certi
You can see the OPSWAT release messages at https://portal.opswat.com/blog/
For the Avast 7.0, it was included in OESIS Framework 3.5.771.2 (https://portal.opswat.com/blog/oesis-framework-357
Juniper posted ESAP 2-1-3 publically to http://www.juniper.net/support/products/esap/#sw on March 29th.
Usually Juniper makes an Early Access (EA) version up to a week before it is officially released on the Support site, these are made available for testing purposes to customers who reported issues/missing products which are resolved in that release to confirm that the fix is working with no errant behaviour. If there are no reports of problems with an EA release then it is posted to the public site.
04-20-2012 01:29 PM
I am running ESAP 2.1.3 and still having an issue with Avast 7.0 is Juniper aware that it is still not fixed or do we need to open for JTAC cases?
Juniper Networks Certified
Internet Associate - FWV
04-20-2012 01:55 PM
04-21-2012 01:07 PM
I was hopefully that Avast 7 would be functioning correctly when I saw the release notes for 2.1.3. I tested it after updating to the latest ESAP, it seems to detect the product just fails to detect real time protection even though all the real time shields for Avast 7 are enabled. Hadn't thought to test it on an XP box to see if it could detect correctly. I had no issues at all with the same Windows 7 box and Avast 6.
04-21-2012 06:25 PM - edited 04-21-2012 06:26 PM
There's a workaround to make this work with Avast 7. I'm not happy with this workaround so I still have the call open with Juniper. Not sure what has changed from Avast 6 to 7.
"The Current implementation of OPSWAT needs UAC elevation and administrator's privilege.
The workaround is to turn run as administrator on for dsHostChecker.exe, which is
present in the HC installed folder (C:\User\<username>\AppData\Roaming\Juniper
04-22-2012 06:22 AM
Glad that there is a temp workaround to resolve the issue, but with having so many remote users as well as contractors connecting into my SSL VPN with varing AV Products, I hate having to offer this as a fix for it failing the Host Checker. Especially seeing Avast 6 Free worked without an issue. Certainly will open a JTAC on Monday regarding this.
04-22-2012 01:15 PM - edited 04-22-2012 01:16 PM