03-09-2010 06:08 AM - edited 03-09-2010 06:09 AM
We're running into a strange issue where I'm not sure if the ESAP or Host Checker has a bug.
We have an SA4500 running 6.5R1, using ESAP version 1.5.8. I've configured the HC policy to use an antivirus policy, checking for a scan run within the past 5 days and have definitions not older than 10 previous updates.The policy looks for *any* supported AV product.
When I connect in from a company-issued laptop using the latest Symantec Endpoint Protection, it works fine. Using my home PC with McAfee, I get the following:
'McAfee VirusScan 13.15.116 does not comply with policy. Compliance requires successful complete system scan.'
I'm running the scan right now, but my PC scans every day. Does it need to find no "problems" to be considered a successful complete scan?
03-09-2010 10:10 AM - edited 03-09-2010 10:11 AM
I replied to your other duplicate post on the other thread with this:
"What does the debuglog.log show on the client side? What does the access log on the IVE show for the rejection reason? This would help troubleshoot the issue.
Once you're sure that the full system scan has been completed you should test HC and then look at those logs. If the AV shows that the system scan was completed, and HC still fails, you should open a JTAC case."
To answer your new question: A successful last system scan would mean that the AV finished the entire scan. If the AV found threats, but still finished the scan, the user would still pass the HC restriction since the scan was completed. If the scan started, but the user canceled out of the scan, they would fail.