Endpoint Security and Mobile VPN complaint despite Windows Security Center Alert

[Irek_Romaniuk]

I tried Endpoint Security VPN as well as Mobile (E80.60). I am still able to remotely VPN from PC without AV software (no scanning, client compliant - basically nothing happens).
Desktop VPN ‘Client is compliant’ despite Action Center (replaced Windows Security Center in Win7-8) alerting, see below screenshot and documentation excerpt



Side Notice: Whenever I use Endpoint Security instead of Mobile I am able to connect only once, next time cleint keeps connecting and getting TCP Reset from GW (I am using 77.10 UTM-1 as GW)

[melipla]

I tried Endpoint Security VPN as well as Mobile (E80.60). I am still able to remotely VPN from PC without AV software (no scanning, client compliant - basically nothing happens).
Desktop VPN ‘Client is compliant’ despite Action Center (replaced Windows Security Center in Win7-8) alerting, see below screenshot and documentation excerpt

So what are you using to detect it? Without that information we can't tell you why its failing. You basically have two options:

SCV checks (Endpoint Security VPN / full Endpoint Security client) -- if its not marking you as non-compliant then you set it up wrong, however this is really only good for checking for specific AV clients [ie via registry checks].

Compliance Checks (full Endpoint Security client) -- Again, this may have some client detection limitations. I know the SSL VPN can't check for Windows Defender via its compliance checks, but forget if the Endpoint Security can. This would go back to your configuration to look at why its not detecting.

Side Notice: Whenever I use Endpoint Security instead of Mobile I am able to connect only once, next time cleint keeps connecting and getting TCP Reset from GW (I am using 77.10 UTM-1 as GW)

Is this a new VPN set up? Sounds like a classic automatic topology update corrupting your site config, however I would expect similar results with the VPN too. If you don't see something similar then it could be something in your ES Policy.

[Irek_Romaniuk]

Checkpoint gave me new Endpoint Client , build 986000281 . At least no more TCP reset but still no SVC checks. This is old VPN setup, just trying to enable SVC checks. What ES Policy do you mean ? I have local.scv (on P1 server)
file edited (ProcessMonitor) to detect processes on PC, like below (tried many different versions, including ones suggested by Checkpoint):

Code:

 : (ProcessMonitor
                        :type (plugin)
                        :parameters (
                                :begin_or (or1)
                                :smc.exe (true)
                                :avgwdsvc.exe (true)
                                :avgtray.exe (true)
                                :avgemc.exe (true)
                                :avgnsa.exe (true)
                                :avgrsa.exe (true)
                                :avgnt.exe (true)
                                :ekrn.exe (true)
                                :avp.exe (true)
                                :avtask.exe (true)
                                :savui.exe (true)
                                :smc.exe (true)
                                :almon.exe (true)
                                :rtvscan.exe (true)
                                :end (or1)
                                :begin_admin (admin)
                                :send_log (alert)
                                :mismatchmessage ("Anti-Virus Requirement Not Met\n1If this is a corporate computer please contact the help desk at extension 9995.  If this is a personal computer please install an anti-virus application
 before using the VPN.")
                                :end (admin)
                        )
                )

:SCVPolicy (PrcoessMonitor)

This is all appied in Global properties. Checkpoint can't tell me what's wrong since more than 9 months

[Irek_Romaniuk]

Issue re-solved after enabling Policy Server and Desktop Security on the gateway. This is necessary for local.scv file to be copied from mgmt server to gw and then to workstation..