


Host Checker auto download new SEP definitions to PC


sean.giroux@puma.com
Contributor (11)
May 6, 2014 10:50am

I have HostChecker working in my lab environment so that it automatically remediates out-of-date Symantec Endpoint virus definitions. However, I have noticed the below message just runs all day with no actual update occurring. I have logging turned on on my firewall in the lab and really do not see traffic leaving my remediation network to untrust. If you fail host checker you are put on a "visitors" network by default.

 

That said, does anyone know what the traffic flow is? Does the PULSE client locally on the system go out to the internet to Symantec to grab the latest defs, or does the IC initiate the communication out to Symantec and then pass along that data to the client?

 

We use SEP 11.x and will be upgrading to SEP 12.x later this year. If anyone uses this in their environment and has automatic remediation working, I would love the input.

 

Also, if anyone has a better way of updating virus defs once a laptop/PULSE client fails host checker... Is there a way to kick off a script automatically, or add a link to a local script on my network (which can be accessed from my visitors network) that the end user will click on to either go to Symantec to download the defs or to our in-house SEPM server? I do know there is a script floating around for SEP 12.x, but from my understanding it can only be used as a logon script.

 

I am running IC4500 with code level 4.3r4.4. and eap version 2.6.1. The virus signatures are being downloaded from Juniper with no issue.

 

Auto_Remediation.JPG




kalagesan
Contributor (11)
May 6, 2014 8:09pm

Hi Sean,

 

I understand your issue.

 

With Host Checker antivirus remediation, we can prompt the endpoint to download the latest virus signature files, turn on antivirus protection, and initiate an antivirus scan.

 

Hope you have the "Download latest virus definition files" check box option enabled as part of remediation for SEP 11.x in the IC admin GUI in the Host Checker AV policy configuration.


Enabling this will enforce the client to download the AV definition files which are missing; however, the SEP AV installed on the machines should also be enabled to download the AV definitions.

 

If possible, you can get the URL for virus definition updates from SEP and you can add this URL for users who are remediating by enabling Customer instructions. This is part of the remediation config in the IC HD rule.


Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks!

 

Regards,
Kannan

    sean.giroux@puma.com
    Contributor (11)
    May 7, 2014 5:58am

    Kannan,

    I do have "Download Latest Virus Definitions" selected as part of the remediation process on the IC. And machines are enabled to do LiveUpdate from Symantec (as well as from SEPM).  I understand how to use the custom instructions and providing a link for end users to follow to download the latest defs.

     

    I guess my question is more along the lines as to why that pulse message/screen from my original post takes so long to actually download and install the latest definitions. Our internet pipe is more than large enough to handle the size of the download (150MB fiber).

     

    Based on your post, it sounds like the machine/client PC that fails host checker goes out to the internet via LiveUpdate in the background (possibly by triggering Symantec's command line LUALL -s).

     

    You have answered my questions to my liking; however, I was hoping for some more insight on my other questions about scripts and other ways companies remediate their clients if they fail host checker for out-of-date defs.

     

    thank you

    sean