Skip to content

EPS Troubleshooting Guide

Introduction

In HySecure there is a requirement for having specific antivirus, antispyware, or firewall to be installed and enabled and updated on the user’s machine for logging in.

When Antivirus/Antispyware or Firewall detection happens:

  1. Realm Init Request is sent whenever the User tries to login
  2. In response of this request It is asked by gateway to do EPS handshake or not.
  3. If EPS is enabled, then collected information about device is sent to the gateway in “EPS_RESPONSE” call
  4. When this call is been given to gateway applies the policies set on the server and detect if the device falls in quarantine zone or safe zone or login is to be denied.

Reading the LOG File

INFO LEVEL If log level INFO (default is set) following logs appear in the uaclog.log file

[TID-2192] : [ Date:11-06-2020 Time:17:02:14 ] : Sending request for init realm to gateway 
[TID-2192] : [ Date:11-06-2020 Time:17:02:14 ] : Time taken to complete EPS init request [0.204 seconds] 
[TID-2192] : [ Date:11-06-2020 Time:17:02:14 ] : EPS Detection policy: EPS enabled [1] 
[TID-2192] : [ Date:11-06-2020 Time:17:02:14 ] : EPS Detection policy: Antivirus [1] 
[TID-2192] : [ Date:11-06-2020 Time:17:02:14 ] : EPS Detection policy: AntiSpyware [0] 
[TID-2192] : [ Date:11-06-2020 Time:17:02:14 ] : EPS Detection policy: Firewall [0] 
[TID-2192] : [ Date:11-06-2020 Time:17:02:14 ] : EPS Detection policy: MAC ID [1] 
[TID-2192] : [ Date:11-06-2020 Time:17:02:14 ] : EPS Detection policy: IP Address [1] 
[TID-2192] : [ Date:11-06-2020 Time:17:02:14 ] : EPS Detection policy: Custom [0] 
[TID-2192] : [ Date:11-06-2020 Time:17:02:14 ] : EPS is enabled, starting EPS processing 
[TID-25840] : [ Date:11-06-2020 Time:17:02:14 ] : Connecting directly to fes server [myoffice1.accops.com:8443] 
[TID-2192] : [ Date:11-06-2020 Time:17:02:14 ] : Scanned Info : Antivirus count [2], Antispyware count [0], Firewall count [0] 
[TID-2192] : [ Date:11-06-2020 Time:17:02:14 ] : Sending EPS init response. 
[TID-2192] : [ Date:11-06-2020 Time:17:02:14 ] : Sending EPS request to gateway 
[TID-15624] : [ Date:11-06-2020 Time:17:02:15 ] : Time taken to create SSL connection with gateway [0.669 seconds] 
[TID-15624] : [ Date:11-06-2020 Time:17:02:15 ] : Connecting directly to fes server [myoffice1.accops.com:8443] 
[TID-2192] : [ Date:11-06-2020 Time:17:02:15 ] : Time taken to complete EPS response [0.343 seconds]

How to troubleshoot:

Detecting the Security product on the user’s device.

  1. Goto RUN -> “wbemtest” and hit enter.

  1. It will open “Windows Management Instrumentation Test” tool

  1. Click on “Connect…” button and it will open another window

  1. In the “Namespace” edit box type “cimv\SecurityCenter2” And Press Connect Button

  1. It will enable the previously disabled button for you to do openrations on

  1. To detect Antiviruses installed on the system click on “Enum Classes” button:

  1. No need to enter anything in the superclass name, Just Click on OK button and list of classes will be shown to you

  1. Select “AntivirusProduct” and double click on it and it will show the list of attributes for the class.

  1. Click on “Instances” button and you will see the instances of the class.

  1. Select any from item from shown list of antiviruses instances and it will give you the details of instance and scrolling down a little will give you the name of antivirus. Similar activity can be done for another other instances.