Description
This article describes how to find GUID and versions of 3rd party antivirus products to create custom host check definitions.
Scope
The command has been tested on Windows 7 x64 and x86 & Windows 10.
Solution
Follow the below steps in PowerShell to find the name, GUID value and version of any 3rd party Antivirus or Firewall product installed on a Windows PC:
1) Open PowerShell on a Windows PC.
2) This screen will be presented.
3) Execute the below command to find the name of the anti virus product, Guid value and Product version details.
gwmi -Namespace root\securitycenter2 -Class AntivirusProduct
In the above output, highlighted fields 'displayName' indicates the antivirus product name.
'Instance GUID' indicates the GUID value.
4) In the same output, navigate to the field highlighted 'pathToSignedProductExe', shown below make a note of the path of the executable file.
'Instance GUID' indicates the GUID value.
4) In the same output, navigate to the field highlighted 'pathToSignedProductExe', shown below make a note of the path of the executable file.
Example.
C:\Program Files\McAfee.com\Agent\mcupdate.exe
5) Copy the path and keep in place of 'executable path' in the below command and the output is similar to the below one which display's the product version.
(get-Item C:\Executable path).versionInfo | Format-List
Note: If there are spaces in the directory path or file name, enclose the directory path and file name in double quotes as in the example above.
6) Configure the hostcheck in FortiGate CLI Config using the product version and GUID taken note of previously.
# config vpn ssl web host-check-software
edit "Mcafee virusscan"
set version "18.4"
set guid " F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09"
next
end
edit "Mcafee virusscan"
set version "18.4"
set guid " F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09"
next
end
7) Configure the SSL VPN web portal (full-access) to enable the host to check for compliant Mcafee antivirus software on the user’s computer:
# config vpn ssl web portal
edit full-access
set host-check custom
set host-check-policy Mcafee virusscan
end
8 ) If GUID differs then hostcheck will fail. The version check will pass as long as the application version is equal to or greater than what is defined in the custom host check definition along with GUID match.
Example.
Application Version 18.0 - Custom host check definition version 19.0 - Host check will fail
Application Version 18.0 - Custom host check definition version 18.0 - Host check will pass
Application Version 19.0 - Custom host check definition version 18.0 - Host check will pass
Application Version 18.0 - Custom host check definition version 18.0 - Host check will pass
Application Version 19.0 - Custom host check definition version 18.0 - Host check will pass
Note: Host check works only for tunnel mode when Forticlient is involved. It does not work for web mode(browser).
Related Articles
Technical Tip: Details about host check list and host-check-policy passing condition
