Global Protect HIP Check - Defender ATP


L1 Bithead

Hi, we're implementing Defender ATP as an anti-malware solution.

 

I would like HIP checks to restrict Global Protect connections from clients without a recent AV scan performed, without Real Time Protection Enabled or with out-of-date virus definitions, however the GP Host profile on the client doesn't collect this information:

Screenshot 2020-03-27 at 09.48.22.png 

 

Many full scans have completed and Real Time Protection is enabled, and the client has downloaded the latest definitions.

 

Am I missing something obvious or is this a bug?

 

Regards

5 REPLIES 5

Community Team Member

Hi @it_dist ,

 

It's likely an OPSWAT issue where this ATP version isn't yet fully covered.

I'd recommend reaching out to support. Collect the OPSWAT diagnostic logs from a system with MS Defender ATP installed.

 

Cheers,

-Kiwi.

LIVEcommunity team member, CISSP

Looks about right based on the GP HIP logs. Would you suggest reaching out to Palo support or direct to OPSWAT?

 

P2381-T775 Mar 30 12:39:00:642846 Debug(1623): GetProductHipInfo for product: Microsoft Defender ATP (100.86.92), vendor: Microsoft Corporation
P2381-T775 Mar 30 12:39:00:649126 Debug(2005): Opswat Error(-12): An error when a method call was made on a component that does not implement it. Product: Microsoft Defender ATP (Ver: 100.86.92, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_RTP_STATE(V4), Signature: 100369, Category: 5(ANTIMALWARE), OESIS (V4 ver: 4.3.999.0, V3V4 ver: 4.3.749.0)
P2381-T775 Mar 30 12:39:00:655530 Debug(2005): Opswat Error(-12): An error when a method call was made on a component that does not implement it. Product: Microsoft Defender ATP (Ver: 100.86.92, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_DEF_STATE(V4), Signature: 100369, Category: 5(ANTIMALWARE), OESIS (V4 ver: 4.3.999.0, V3V4 ver: 4.3.749.0)
P2381-T775 Mar 30 12:39:00:662279 Debug(2005): Opswat Error(-12): An error when a method call was made on a component that does not implement it. Product: Microsoft Defender ATP (Ver: 100.86.92, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_LAST_SCAN_TIME(V4), Signature: 100369, Category: 5(ANTIMALWARE), OESIS (V4 ver: 4.3.999.0, V3V4 ver: 4.3.749.0)
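
Added example, not part of the thread and not Palo Alto Networks or OPSWAT code: a Python parser for the GP HIP log lines posted above that lists, per product and version, which OPSWAT method calls fail with Error(-12) and therefore which HIP attributes cannot be evaluated. The function names and the `HIP_ATTRIBUTE` mapping (inferred from the method names and the three checks the original post asks for) are assumptions.

```python
import re
from collections import defaultdict

# Log lines copied from the post above.
SAMPLE_LOG = """\
P2381-T775 Mar 30 12:39:00:642846 Debug(1623): GetProductHipInfo for product: Microsoft Defender ATP (100.86.92), vendor: Microsoft Corporation
P2381-T775 Mar 30 12:39:00:649126 Debug(2005): Opswat Error(-12): An error when a method call was made on a component that does not implement it. Product: Microsoft Defender ATP (Ver: 100.86.92, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_RTP_STATE(V4), Signature: 100369, Category: 5(ANTIMALWARE), OESIS (V4 ver: 4.3.999.0, V3V4 ver: 4.3.749.0)
P2381-T775 Mar 30 12:39:00:655530 Debug(2005): Opswat Error(-12): An error when a method call was made on a component that does not implement it. Product: Microsoft Defender ATP (Ver: 100.86.92, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_DEF_STATE(V4), Signature: 100369, Category: 5(ANTIMALWARE), OESIS (V4 ver: 4.3.999.0, V3V4 ver: 4.3.749.0)
P2381-T775 Mar 30 12:39:00:662279 Debug(2005): Opswat Error(-12): An error when a method call was made on a component that does not implement it. Product: Microsoft Defender ATP (Ver: 100.86.92, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_LAST_SCAN_TIME(V4), Signature: 100369, Category: 5(ANTIMALWARE), OESIS (V4 ver: 4.3.999.0, V3V4 ver: 4.3.749.0)
"""

# Field layout taken from the "Opswat Error" lines in the post.
ERROR_RE = re.compile(
    r"Opswat Error\((?P<code>-?\d+)\):.*?"
    r"Product: (?P<product>.+?) \(Ver: (?P<version>[^,]+), Vendor: (?P<vendor>[^)]+)\), "
    r"Method: (?P<method>\w+)\((?P<api>V\d+)\), "
    r"Signature: (?P<signature>\d+), "
    r"Category: (?P<cat_id>\d+)\((?P<category>\w+)\)"
)

# Assumption: method-to-HIP-check mapping inferred from the method names.
HIP_ATTRIBUTE = {
    "WAAPI_MID_GET_RTP_STATE": "Real Time Protection",
    "WAAPI_MID_GET_DEF_STATE": "Virus definitions",
    "WAAPI_MID_GET_LAST_SCAN_TIME": "Last scan time",
}

def unsupported_hip_methods(log_text, error_code=-12):
    """Return {(product, version): sorted methods} that failed with error_code."""
    gaps = defaultdict(set)
    # finditer also copes with several log entries run together on one line.
    for m in ERROR_RE.finditer(log_text):
        if int(m["code"]) == error_code:
            gaps[(m["product"], m["version"])].add(m["method"])
    return {key: sorted(methods) for key, methods in gaps.items()}

def report(log_text):
    """One line per HIP attribute that the log shows cannot be collected."""
    out = []
    for (product, version), methods in unsupported_hip_methods(log_text).items():
        for method in methods:
            attr = HIP_ATTRIBUTE.get(method, "unknown attribute")
            out.append(f"{product} {version}: {method} not implemented, "
                       f"HIP check '{attr}' cannot be evaluated")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Running it against a client's HIP debug log before enforcing an anti-malware HIP profile shows which match criteria would fail for every user of that product version, regardless of the endpoint's actual state.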

Community Team Member

Hi @it_dist ,

 

I'd reach out to support. 

There might already be a bug filed for this to have OPSWAT engaged to cover this properly.

 

Cheers,

-Kiwi.


Thanks Kiwi,

 

Ticket raised: 01417370

 

Regards,

Tom

Hello

do you have any news about this case?

Thanks

Kind regards
