SOLVED: How To Allow Users To Use Antivirus Not Listed in the ESAP for Pulse Secure

If you have a Juniper / Pulse Secure VPN device and you use the Host Checker to confirm that connecting PCs have an antivirus on them, you will eventually have a situation in which you need to allow an AV that is not on the ESAP list. In my case the situation was that AVAST for Mac had auto-upgraded to version 12 but the ESAP only supported versions 10 and 11. To get around this you can have the Host Checker look for a “process” rather than just the supported AV products:

  1. From the admin GUI, navigate to Endpoint Security > Host Checker.
  2. Under Policies, click New.
  3. In the Policy Name field, type a name for the policy and click Continue.
  4. From the Rule Settings drop-down menu, select Custom: Process, then click Add to add this new rule.
  5. In the Rule Name field, type a name for the new rule and specify the Process Name.
  6. Set the rule to Required to ensure that the end user’s computer has this process running; otherwise the host check will fail.
  7. Click Save Changes.

Note 1: To find the process name, you can refer to the computer’s Task Manager, refer to the software vendor’s documentation, or check with the software vendor.

Note 2: You can use asterisk wildcard(s). Avast 12 is most likely running on a Mac as com.avast.MacAvast.MAD, but relying on users to get this information is difficult, so I just used *avast* as you can see in the screenshot. I confirmed with Pulse Secure support that this would work but

Then set your Host Checker Settings Policy to ANY OF THE ABOVE RULES.

Check page 19 of THIS article or THIS Pulse Secure KBase article titled “Process based Host Check for unsupported software” for more detail.
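To see how broadly a wildcard such as *avast* from Note 2 matches before you put it in a Custom: Process rule, the following added example (not from the original post or from Pulse Secure) compares candidate Process Name patterns against a process list. It assumes shell-style glob matching with case ignored, which may differ from Host Checker's own matching; the process list and its paths are constructed, and only com.avast.MacAvast.MAD comes from the post.

```python
import fnmatch
import posixpath

# Constructed sample of process paths, as `ps -axo comm=` might print them on a Mac.
# Only the name com.avast.MacAvast.MAD comes from the post; everything else is made up.
SAMPLE_PROCESSES = [
    "/sbin/launchd",
    "/Library/Application Support/Avast/com.avast.MacAvast.MAD",  # hypothetical path
    "/Applications/Safari.app/Contents/MacOS/Safari",
    "/Users/alice/bin/avast-release-notes-viewer",  # unrelated, name contains "avast"
]

# Candidate Process Name values, from the broadest wildcard to the exact name.
CANDIDATES = ["*avast*", "com.avast.*", "com.avast.MacAvast.MAD"]


def matched(pattern, processes):
    """Names (path stripped) matching a glob pattern, ignoring case (assumption)."""
    names = [posixpath.basename(p) for p in processes]
    return [n for n in names if fnmatch.fnmatchcase(n.lower(), pattern.lower())]


def audit(patterns, processes, wanted):
    """For each pattern, list wanted names it misses and extra names it lets through."""
    report = {}
    for pattern in patterns:
        hits = set(matched(pattern, processes))
        report[pattern] = {
            "missed": sorted(set(wanted) - hits),
            "extra": sorted(hits - set(wanted)),
        }
    return report


def narrowest(report):
    """First pattern that misses nothing and matches the fewest extra names."""
    ok = [p for p, r in report.items() if not r["missed"]]
    return min(ok, key=lambda p: len(report[p]["extra"])) if ok else None


if __name__ == "__main__":
    result = audit(CANDIDATES, SAMPLE_PROCESSES, ["com.avast.MacAvast.MAD"])
    for pattern, r in result.items():
        print(f"{pattern!r}: missed={r['missed']} extra={r['extra']}")
    print("narrowest pattern that still matches:", narrowest(result))
```

Run it against process listings collected from a few real endpoints: a pattern with a non-empty "extra" list means the Host Checker rule would be satisfied by something other than the antivirus.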

 
