All Topics » Pulse Policy Secure



Host Checker automatically download new SEP definitions


sean.giroux@puma.com
Contributor (11)
Apr 25, 2014 7:12am

I am currently testing Host Checkers abillity to automatically remediate a non-compliant endpoint' SEP 11.x virus defs. From what I understand or am being told by JTAC is:

 

"When you have the option " Download latest virus definition files" selected, IC will download the virus definition files automatically when you have the link typed and saved on the "Enable Custom Instructions"."

 

I have tried using 2 sites that I found on Symantecs webpage to put in the custom instructions, but none seem to do anything automatically.  Also I am being told by JTAC that when they fail host checker due to out of date virus definitions, the end user should NOT see any errors, but instead the virus defs should be autoupdated and the pass host checker.

 

ftp://ftp.symantec.com/AVDEFS/norton_antivirus/rapidrelease


http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=rr

 

I am running IC4500 with code level 4.3r4.4. and eap version 2.6.1. The virus signatures are being downloaded from Juniper with no issue.

 

any information would be greatly appreciated.  My current case with JTAC is 2014-0424-0560. Am hoping someone has this running in their environment and can just shed some light on what I am doing or not doing.

 

thank you

sean

 




kalagesan
Contributor (11)
Correct Answer
Apr 28, 2014 1:55am

Hi Sean,

 

When you enable remediation action Download latest virus definition files?Obtains the latest available file for the specified vendor from the vendorÍs website.

 

Turn on Real Time Protection?Launches the virus-scanning mechanism for the specified vendor.

 

Start Antivirus Scan?Performs a real-time virus scan for the specified vendor.

 

The check box is active if the action is supported for your product.  

 

IC will download the latest virus defintion files based on your configuration on IC admin GUI  where it download the XML  AV signature files from https://download.juniper.net/software/av/uac/epupdate_hist.xml. AV on the client machine will ensure AV is up to date since it will have AV Update configuration

 

I don't think you need to enable links in customer instructions to download the AV update files.

 

Regards,

Kannan

 

    sean.giroux@puma.com
    Contributor (11)
    Apr 28, 2014 7:45am

    Kannan,

    Thank you very much for the post. I was able to get this working once I removed the custom string, per your instructions.

     

    Is there a way to have PULSE/Host Checker go out to my local SEP server to get the latest definitions, without having to setup a script that would run for everyone at logon (as oppose to those that fail)?

     

    I have seen some scripting examples out there, but in my reading understand that it would run at every login, no matter if they were compliant or not.

     

    If scripting is the only way, I would be curious to see what you suggest if at all.

     

    thank youagain for your help!

     

    Sean