Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Sensor is failing the Pulse Secure VPN Antivirus check

Carbon Black Cloud: Sensor is failing the Pulse Secure VPN Antivirus check

Environment

  • Carbon Black Cloud Sensor: All Supported Versions
  • Microsoft Windows: All Supported Versions
  • Apple macOS: All Supported Versions
  • Pulse Secure VPN Client

Symptoms

  • Pulse Secure VPN downloads and runs Host Checker software
  • Host Checker will report an error that "Your computer's security is unsatisfactory"
    This is a article attached imageThis is a article attached image

Cause

The root cause as provided by Pulse Secure KB43790

Though we strive to provide zero day support for AV's and firewalls, we may run into issues where a major version upgrade is released for a vendor after ESAP release and we may not have the support for the AV/firewall in the ESAP which was just released. we will see an error that HC failed due to reason "Compliance requires real time protection enabled" or the AV/firewall product will not be detected at all and it will show failure for windows defender on windows as windows defender is the default AV/firewall product.

Resolution

  • The solution is to check with Pulse Secure VPN Administrator for that Company to ensure that they have implemented a check for the Carbon Black Cloud Sensor version that you are using.
  • If this is something that has already been done, then the Company's VPN Admin can follow up with Pulse Secure to ensure that this check is included in a future release or implement the recommended workaround(s).

Additional Notes

Workaround as provided by Pulse Secure KB22348 and which can be implemented by the Pulse Secure Administrator. See Pulse Secure KB22348 for details.

  • There are instances when there are unsupported antivirus, anti-Spyware, etc, on the ESAP product list.
  • In such a scenario, there may be clients trying to connect to PCS/PPS with a unsupported application on their computer. The user may be connecting to a protected role and he or she may not connect as expected; while they might see a non-compliance message on their browser by Host Checker.
  • To overcome this situation, an PCS/PPS administrator can use the process check feature provided by the PCS/PPS OS.
  • If the work around is accepted, Perform the procedure mentioned in the Solution section to configure the PCS/PPS for process check, which will effectively inspect if the respective process is running for a particular application on a computer. If the process check succeeds, the host check completes and if it fails, the end user will not be able to logon to PCS/PPS.

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎06-20-2018
Views:
2865
Contributors