03-27-2020 02:53 AM
Hi, we're implementing Defender ATP as an anti-malware solution.
I would like HIP checks to restrict Global Protect connections from clients without a recent AV scan performed, without Real Time Protection Enabled or with out-of-date virus definitions, however the GP Host profile on the client doesn't collect this information:
Many full scans have completed and Real Time Protection is enabled, and the client has downloaded the latest definitions.
Am I missing something obvious or is this a bug?
Regards
03-30-2020 04:04 AM
Hi @it_dist ,
It's likely an OPSWAT issue where this ATP version isn't yet fully covered.
I'd recommend reaching out to support. Collect the OPSWAT diagnostic logs from a system with MS Defender ATP installed.
Cheers,
-Kiwi.
03-30-2020 04:49 AM
Looks about right based on the GP HIP logs. Would you suggest reaching out to Palo support or direct to OPSWAT?
P2381-T775 Mar 30 12:39:00:642846 Debug(1623): GetProductHipInfo for product: Microsoft Defender ATP (100.86.92), vendor: Microsoft Corporation P2381-T775 Mar 30 12:39:00:649126 Debug(2005): Opswat Error(-12): An error when a method call was made on a component that does not implement it. Product: Microsoft Defender ATP (Ver: 100.86.92, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_RTP_STATE(V4), Signature: 100369, Category: 5(ANTIMALWARE), OESIS (V4 ver: 4.3.999.0, V3V4 ver: 4.3.749.0) P2381-T775 Mar 30 12:39:00:655530 Debug(2005): Opswat Error(-12): An error when a method call was made on a component that does not implement it. Product: Microsoft Defender ATP (Ver: 100.86.92, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_DEF_STATE(V4), Signature: 100369, Category: 5(ANTIMALWARE), OESIS (V4 ver: 4.3.999.0, V3V4 ver: 4.3.749.0) P2381-T775 Mar 30 12:39:00:662279 Debug(2005): Opswat Error(-12): An error when a method call was made on a component that does not implement it. Product: Microsoft Defender ATP (Ver: 100.86.92, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_LAST_SCAN_TIME(V4), Signature: 100369, Category: 5(ANTIMALWARE), OESIS (V4 ver: 4.3.999.0, V3V4 ver: 4.3.749.0)
03-30-2020 05:38 AM - edited 03-30-2020 05:39 AM
Hi @it_dist ,
I'd reach out to support.
There might already be a bug filed for this to have OPSWAT engaged to cover this properly.
Cheers,
-Kiwi.
03-30-2020 05:41 AM
Thanks Kiwi,
Ticket raised: 01417370
Regards,
Tom
11-16-2021 01:49 AM
Hello
do you have any news about this case?
Thanks
Kind regards
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
