Contributor
rdrombos
Posts: 18
Registered: ‎04-18-2008
0

Problems with ESET NOD32 V5 and ESAP V1.8.0?

Recently upgraded ESAP to V1.8.0 so we could check ESET NOD32 Version 5.x. Check fails and says:

'ESET NOD32 Antivirus 5.0.94.0 does not comply with policy. Compliance requires real time protection enabled.'

So it recognizes the AV product but thinks that it does not have real time protection enabled. (Real time protection IS enabled. This is a default setting.)

Anyone else see this? I suspect that this is a bug in ESAP. Working a ticket with JTAC but was hoping to see if anyone has the same problem.

 

Bob D

Moderator
AJA
Posts: 130
Registered: ‎05-07-2010
0

Re: Problems with ESET NOD32 V5 and ESAP V1.8.0?

Hello Bob,

 

Yes, you are on the right track. Please open a ticket with the JTAC to confirm if this is a BUG on the ESAP.

However, before opening the case with JTAC, please ensure to collect the below, as it will be needed by the JTAC.

- Download the "oesisdiagnose.exe" file attached to the case and copy it to your "Host Checker" folder on the C drive. The attached file is "OesisDiagnose.TXT" - please rename it to "OesisDiagnose.exe" after download.

NOTE: Normally, the location is the below:

C:\Documents and Settings\username\Application Data\Juniper Networks\Host Checker

- Double click / execute the OesisDiagnose.exe file and it will give you an OesisDiagnose.log file.

- ESET NOD32 V5 installer file and the key, if any.

- Screenshot of the ESET NOD32 V5 application showing all the details of the software.

- Please also ensure to collect the client side logs from the computer for a failure session.

Please refer to http://www.juniper.net/techpubs/software/ive/admin/j-sa-sslvpn-7.1-clientsidechanges.pdf for more detail on where exactly we store the logs, as the location differs between Windows XP and Windows Vista or Windows 7.

NOTE: Ensure to enable client side logging on the IVE under: Log/Monitoring - Client Settings - Settings - "Check / Enable" Host Checker

Hope the above helps you.

Moderator
AJA
Posts: 130
Registered: ‎05-07-2010
0

Re: Problems with ESET NOD32 V5 and ESAP V1.8.0?

Hello Bob,

 

ESAP 1.8.1 is released: Could you please upgrade your ESAP and check if this resolves your issue?

Software Download:
https://download.juniper.net/software/ive/releases/esap/1.8.1/j-esap-1.8.1.pkg

Checksum: B5B9DE7F96846FB9721395EFCD6724E2

Supported Products List:
https://download.juniper.net/software/ive/releases/esap/1.8.1/j-esap-1.8.1-supportedproducts.pdf

Release Notes:
https://download.juniper.net/software/ive/releases/esap/1.8.1/j-esap-1.8.1-releasenotes.pdf

NOTE: Please mark this post as 'accepted solution' if this answers your question; that way it might help others as well. A kudo would be a bonus, thanks.

Visitor
Roger.H
Posts: 4
Registered: ‎12-02-2011
0

Re: Problems with ESET NOD32 V5 and ESAP V1.8.0?

Hi there,

 

I am using ESAP V1.8.1 now and still have this issue:

 

'ESET NOD32 Antivirus 5.0.94.0 does not comply with policy'.

 

Any ideas when Juniper will resolve this issue?

 

Rog.

Moderator
zanyterp
Posts: 2,274
Registered: ‎11-19-2007
0

Re: Problems with ESET NOD32 V5 and ESAP V1.8.0?

Are you updating the AV signature list on the IVE? Have you opened a case with JTAC for this?

Is it all users? 

Visitor
Avenger
Posts: 5
Registered: ‎06-07-2010
0

Re: Problems with ESET NOD32 V5 and ESAP V1.8.0?

 

Confirming this as a problem with ESAP 1.8.1 and NOD32 5.0.95.0 (latest versions as of this post). 

 

Issue can be reproduced only if user is not an administrator on the local PC since Host Checker is unable to determine the real-time protection status (OESISDiagnose reports "FSRTP Status: UNKNOWN"). If user is an administrator, Host Checker passes without issue.

 

 

Visitor
Avenger
Posts: 5
Registered: ‎06-07-2010
0

Re: Problems with ESET NOD32 V5 and ESAP V1.8.0?

 

Re-confirmed on ESAP 1.8.2 and NOD32 5.0.95.0.

Recognized Expert
MattS
Posts: 205
Registered: ‎11-06-2007
0

Re: Problems with ESET NOD32 V5 and ESAP V1.8.0?

 

 

For ESET Smart Security 5.x, it has been requested by a customer and OPSWAT have informed us that they are attempting to validate and include support for it in ESAP 1.8.3, which is expected to be released in February 2012.

Until the support for ESET 5.x is added, as a workaround you can create your own custom Host Checker policy to detect the ESET application; please review http://kb.juniper.net/KB22348

To generate the Oesis diagnostic log file, you can also download the tool from the OPSWAT site:

* go to http://www.opswat.com/products/oesis-framework

* download the OESIS Diagnostic Tool (http://c3384790.r90.cf0.rackcdn.com/OESIS-Diagnose/OESIS-Diagnose.zip)

* extract the files to the Host Checker directory (C:\Documents and Settings\<USER NAME>\Application Data\Juniper Networks\Host Checker for XP; C:\Users\<USER NAME>\AppData\Roaming\Juniper Networks\Host Checker\ for Win7)

* run the OesisDiagnose executable.

This will generate a log file in the same directory.
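
The following is an added example, not part of any post in this thread and not Juniper or OPSWAT code: a PowerShell check to run as the affected user after OesisDiagnose has been executed, reporting whether the session is administrative and which "FSRTP Status" values the diagnostic log recorded. It assumes the log is named OesisDiagnose.log and sits in the per-user Host Checker directory, as described in the thread; the function names are hypothetical.

```powershell
# Added example: compare admin vs. non-admin results of the OESIS diagnostic.
# Assumptions: log name "OesisDiagnose.log" and the "FSRTP Status:" line are
# taken from this thread; the rest of the log format is not assumed.

function Get-HostCheckerDir {
    # %APPDATA% is "Documents and Settings\<user>\Application Data" on XP
    # and "Users\<user>\AppData\Roaming" on Windows 7.
    Join-Path $env:APPDATA 'Juniper Networks\Host Checker'
}

function Test-IsLocalAdmin {
    # With UAC enabled this reflects the elevation of the current process,
    # so an unelevated shell of an admin user reports False.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-FsrtpStatus {
    param([string]$LogPath)
    # Return every value that follows "FSRTP Status:" in the log, if any.
    if (-not (Test-Path -Path $LogPath)) { return @() }
    Select-String -Path $LogPath -Pattern 'FSRTP Status:\s*(\S+)' |
        ForEach-Object { $_.Matches[0].Groups[1].Value }
}

$dir      = Get-HostCheckerDir
$log      = Join-Path $dir 'OesisDiagnose.log'
$statuses = @(Get-FsrtpStatus -LogPath $log)

"User             : $env:USERNAME"
"Administrator    : $(Test-IsLocalAdmin)"
"Host Checker dir : $dir (exists: $(Test-Path -Path $dir))"

if ($statuses.Count -eq 0) {
    "No 'FSRTP Status' line found in $log; run OesisDiagnose first."
} else {
    $statuses | Sort-Object -Unique | ForEach-Object { "FSRTP Status     : $_" }
    if ($statuses -contains 'UNKNOWN') {
        "Real-time protection state could not be read in this session."
    }
}
```

Running it once as a standard user and once as an administrator gives the two outputs to attach to a JTAC case.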

 

 

Visitor
Avenger
Posts: 5
Registered: ‎06-07-2010
0

Re: Problems with ESET NOD32 V5 and ESAP V1.8.0?

 

Matt,

 

Thanks for the info.

 

However, the information that I provided was for ESET NOD32 Anti-Virus 5.0.95 (not Smart Security), which is in the list of supported products since ESAP 1.8.0. It works fine, as long as you are logged into the local machine as an administrator.

Recognized Expert
MattS
Posts: 205
Registered: ‎11-06-2007
0

Re: Problems with ESET NOD32 V5 and ESAP V1.8.0?

 

Is the Juniper Installer Service (JIS) installed for the non-admin account? As it works for Admins, it sounds like a permission problem and Host Checker has failed to install/access some components to detect the Real Time Protection.

If you uninstall Host Checker, install JIS as an admin and then connect, does HC get re-installed and the HC policy pass?

See p.704 of the Admin Guide for details on JIS.

If it is still failing with JIS then client-side logs will need to be inspected to find out what the problem is, which would be better handled in a TAC case.
