Global Protect HIP Check - Defender ATP

L1 Bithead


Hi, we're implementing Defender ATP as an anti-malware solution.

 

I would like HIP checks to restrict Global Protect connections from clients without a recent AV scan performed, without Real Time Protection enabled or with out-of-date virus definitions; however, the GP Host profile on the client doesn't collect this information:

Screenshot 2020-03-27 at 09.48.22.png 

 

Many full scans have completed and Real Time Protection is enabled, and the client has downloaded the latest definitions.

 

Am I missing something obvious or is this a bug?

 

Regards

Community Team Member

Re: Global Protect HIP Check - Defender ATP

Hi @it_dist ,

 

It's likely an OPSWAT issue where this ATP version isn't yet fully covered.

I'd recommend reaching out to support. Collect the OPSWAT diagnostic logs from a system with MS Defender ATP installed.

 

Cheers,

-Kiwi.

L1 Bithead

Re: Global Protect HIP Check - Defender ATP

Looks about right based on the GP HIP logs. Would you suggest reaching out to Palo support or direct to OPSWAT?

 

P2381-T775 Mar 30 12:39:00:642846 Debug(1623): GetProductHipInfo for product: Microsoft Defender ATP (100.86.92), vendor: Microsoft Corporation
P2381-T775 Mar 30 12:39:00:649126 Debug(2005): Opswat Error(-12): An error when a method call was made on a component that does not implement it. Product: Microsoft Defender ATP (Ver: 100.86.92, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_RTP_STATE(V4), Signature: 100369, Category: 5(ANTIMALWARE), OESIS (V4 ver: 4.3.999.0, V3V4 ver: 4.3.749.0)
P2381-T775 Mar 30 12:39:00:655530 Debug(2005): Opswat Error(-12): An error when a method call was made on a component that does not implement it. Product: Microsoft Defender ATP (Ver: 100.86.92, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_DEF_STATE(V4), Signature: 100369, Category: 5(ANTIMALWARE), OESIS (V4 ver: 4.3.999.0, V3V4 ver: 4.3.749.0)
P2381-T775 Mar 30 12:39:00:662279 Debug(2005): Opswat Error(-12): An error when a method call was made on a component that does not implement it. Product: Microsoft Defender ATP (Ver: 100.86.92, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_LAST_SCAN_TIME(V4), Signature: 100369, Category: 5(ANTIMALWARE), OESIS (V4 ver: 4.3.999.0, V3V4 ver: 4.3.749.0)

Community Team Member

Re: Global Protect HIP Check - Defender ATP

Hi @it_dist ,

 

I'd reach out to support. 

There might already be a bug filed for this to have OPSWAT engaged to cover this properly.

 

Cheers,

-Kiwi.

L1 Bithead

Re: Global Protect HIP Check - Defender ATP

Thanks Kiwi,

 

Ticket raised: 01417370

 

Regards,

Tom
