https://live.paloaltonetworks.com/t5/general-topics/palo-alto-scan-clients-for-antivirus/m-p/37603#M27554 <HTML><HEAD></HEAD><BODY><P>Yes Mark,</P><P></P><P>You can used it for the mac's too.</P><P>If you like you can divide the checks for MAC and for Windows machines in separate IP Profiles, where one can be checking if the system has Windows OS, and an AV solution running (and/or up to date), and another HIP Profile that will check if the system is MAC OS and there is and an AV solution running (and/or up to date). For that reason when creating the HIP object, in the GENERAL tab, mark the Host info and select the OS as needed (mac or win), and if needed limit the versions that are in usage in your environment (maybe you are only using windows 7 Professional and windows 8.1 for the Microsoft OS and Mac OS X 10.8 from Apple). After that make the needed combination of HIP objects into HIP Profiles (using logical operators) and attache the profile to to a security rule. Dont forget to add block rule for the users that dont have the HIP profile, or at least limit them to just be able to go to certain sites (like the update server for the AV solution in use).</P></BODY></HTML> Sun, 02 Feb 2014 12:55:16 GMT ialeksov 2014-02-02T12:55:16Z https://live.paloaltonetworks.com/t5/general-topics/palo-alto-scan-clients-for-antivirus/m-p/37600#M27551 <HTML><HEAD></HEAD><BODY><P>Hello, </P><P></P><P>I have a quick question regarding the capabilities of the Palo Alto's. In this scenario, we want to be able to deny computers who connect via SSL VPN (GlobalProtect) access to the network if they do not have antivirus on their machines. Can Palo Alto do this? If so, can you direct me to the procedures of how to set this up?</P><P></P><P>Thanks,</P><P>Mark</P></BODY></HTML> Fri, 31 Jan 2014 22:46:12 GMT https://live.paloaltonetworks.com/t5/general-topics/palo-alto-scan-clients-for-antivirus/m-p/37600#M27551 MarkTan 2014-01-31T22:46:12Z https://live.paloaltonetworks.com/t5/general-topics/palo-alto-scan-clients-for-antivirus/m-p/37601#M27552 <HTML><HEAD></HEAD><BODY><P>Hi Mark,</P><P></P><P>You can use HIP checks to do this.</P><P>You will need to configure HIP object for the AV solutions that you want the firewall to check for, than create a HIP profile and to assign the profile to a security rule (this is selected in the Users tab of the security policy).</P><P>Please check this article. It is for widows patches, but the principle is the same.</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-6371">How to Configure HIP for Missing Microsoft Patches</A></P><P></P><P>Hope this helps</P></BODY></HTML> Fri, 31 Jan 2014 23:37:55 GMT https://live.paloaltonetworks.com/t5/general-topics/palo-alto-scan-clients-for-antivirus/m-p/37601#M27552 ialeksov 2014-01-31T23:37:55Z https://live.paloaltonetworks.com/t5/general-topics/palo-alto-scan-clients-for-antivirus/m-p/37602#M27553 <HTML><HEAD></HEAD><BODY><P>Does this also work for Macs?</P></BODY></HTML> Sun, 02 Feb 2014 04:18:34 GMT https://live.paloaltonetworks.com/t5/general-topics/palo-alto-scan-clients-for-antivirus/m-p/37602#M27553 MarkTan 2014-02-02T04:18:34Z https://live.paloaltonetworks.com/t5/general-topics/palo-alto-scan-clients-for-antivirus/m-p/37603#M27554 <HTML><HEAD></HEAD><BODY><P>Yes Mark,</P><P></P><P>You can used it for the mac's too.</P><P>If you like you can divide the checks for MAC and for Windows machines in separate IP Profiles, where one can be checking if the system has Windows OS, and an AV solution running (and/or up to date), and another HIP Profile that will check if the system is MAC OS and there is and an AV solution running (and/or up to date). For that reason when creating the HIP object, in the GENERAL tab, mark the Host info and select the OS as needed (mac or win), and if needed limit the versions that are in usage in your environment (maybe you are only using windows 7 Professional and windows 8.1 for the Microsoft OS and Mac OS X 10.8 from Apple). After that make the needed combination of HIP objects into HIP Profiles (using logical operators) and attache the profile to to a security rule. Dont forget to add block rule for the users that dont have the HIP profile, or at least limit them to just be able to go to certain sites (like the update server for the AV solution in use).</P></BODY></HTML> Sun, 02 Feb 2014 12:55:16 GMT https://live.paloaltonetworks.com/t5/general-topics/palo-alto-scan-clients-for-antivirus/m-p/37603#M27554 ialeksov 2014-02-02T12:55:16Z