Network Access Control

 View Only

  • 1.  Host integrity policy requirement

    Posted Feb 28, 2015 10:49 AM

    Hi Guys,

    Please i need you to checkout  something for me. i have created a host integrity policy that requires client machines to have any antivirus installed.

    The issue is that policy fails even though the client machines possess kaspersky endpoint security 10 as antivirus. It seems that snac agent doesnt see kaspersky endpoint security 10 as an antivirus software.

    Thanks in advance !

     

    Esaie



  • 2.  RE: Host integrity policy requirement

    Broadcom Employee
    Posted Mar 30, 2015 08:43 AM

    Hi,

    Does it work for other antivirus? Are you facing issue for only kaspersky endpoint security 10?



  • 3.  RE: Host integrity policy requirement

    Posted Mar 30, 2015 08:44 AM

    How did you configure your policy?



  • 4.  RE: Host integrity policy requirement

    Posted Mar 30, 2015 09:28 AM

    Hi Guys,

    Thanks for answering, here is the policy requirement:

    Name : check antivirus

    Antivirus application that must be installed and running : All products

    The client has kaspersky installed and running but compliance fails due to antivirus as if there were no antivirus.

     



  • 5.  RE: Host integrity policy requirement

    Posted Mar 30, 2015 09:51 AM

    The HI policy in SEPM is for KIS not KES

    You may need to create a custom requirement for this
     



  • 6.  RE: Host integrity policy requirement

    Posted Mar 30, 2015 09:55 AM

    Hi Brian, thanks but please any guide for the custom requirement for KES ?



  • 7.  RE: Host integrity policy requirement

    Posted Jun 25, 2015 12:34 AM

    @ESAIE, I would advise and recommend getting with BOTH Symantec support and the vendor - Kaspersky and with their colloboration and united effort getting help with: Writing a customized requirement script (Article: HOWTO101736). I agree it may seem unjust with your Host Integrity (HI) work considering the "Any Antivirus Product" HI template is selected to implement. Also even though you mention "snac agent" remember Symantec Network Access Control (SNAC) and HI with SEP 12.1.5 (and beyond i.e. the new SEP 12.1.6 May 21st, 2015 release) operate independently. HI does not - for purposes of what you are trying to accomplish rely on the SNAC agent and service. Your focus is clearly on the proper IF/THEN statements to confirm "kaspersky endpoint security 10" is running on the endpoints for your HI compliance check. This appears to be informative: http://support.kaspersky.com/us/9389. Hope this helps.



  • 8.  RE: Host integrity policy requirement

    Posted Aug 03, 2015 12:38 AM

    @ESAIE, I would advise and recommend further, since we are in the dawn of SEP 12.1.6 (RU6, MP1) area to understand the implications of Fix ID: 3518941 (HI template files are not included in exported SEP client package). New fixes in Symantec Endpoint Protection 12.1.6 (Article: TECH230558)