The Endpoint Protection client or Symantec Network Access Control client is failing to execute the Host Integrity check.

Article ID: 158890

Products

Endpoint Protection

Issue/Introduction

The Symantec Endpoint Protection (SEP) or Symantec Network Access Control (SNAC) client is failing to execute the Host Integrity check.

 

The SEP client Security Log file contains the following error:

Event: Host Integrity Failed
Description: Fail to execute Host Integrity check
Data: Error Type: 0x00400020, Error Code: 0x00000000
 

Cause

Host Integrity (HI) requires Windows Script Host to be enabled and the associated script file extensions to be correctly registered. If Windows Script Host is disabled, or the script extensions are incorrectly associated, the HI check will fail.

 

1. Verify Windows Script Host status on the affected machine.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings

For the DWORD "Enabled", a value of "0" means Windows Script Host is disabled and "1" means it is enabled.

2. Then verify the .js script extension association.

The .JS file extension may have been taken over by a different application in the Windows registry, such as a text editor.

By default the "HKEY_CLASSES_ROOT\.js" registry key should have a default value of "JSFile". If this has been changed, the Windows Scripting Host may be unable to find the ScriptEngine subkey, which leads to a failure when Host Integrity attempts to launch the script.

The same error can also occur if the value under "HKEY_CLASSES_ROOT\.js" is correct, but the "HKEY_CLASSES_ROOT\JSFile\ScriptEngine" is missing the default value of "JScript".
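
The two verification steps above can be done in one read-only pass. The following PowerShell is an added example, not part of the original article or a Symantec tool; the function names `Get-RegValue` and `Test-HostIntegrityPrereqs` are hypothetical, and the expected values are the ones stated in this article.

```powershell
# Read-only check of the three registry values this article names. Makes no changes.
# Get-RegValue and Test-HostIntegrityPrereqs are illustrative names, not Symantec cmdlets.

function Get-RegValue {
    param([string]$Key, [string]$Name = '')
    # An empty $Name reads the key's (Default) value.
    # Returns $null when the key or the value does not exist.
    $k = Get-Item -LiteralPath "Registry::$Key" -ErrorAction SilentlyContinue
    if ($null -eq $k) { return $null }
    return $k.GetValue($Name)
}

function Test-HostIntegrityPrereqs {
    # Expected values are taken from the article text.
    $checks = @(
        @{ Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings'
           Name = 'Enabled'; Expected = '1' },
        @{ Key = 'HKEY_CLASSES_ROOT\.js'
           Name = ''; Expected = 'JSFile' },
        @{ Key = 'HKEY_CLASSES_ROOT\JSFile\ScriptEngine'
           Name = ''; Expected = 'JScript' }
    )
    foreach ($c in $checks) {
        $actual = Get-RegValue -Key $c.Key -Name $c.Name
        [pscustomobject]@{
            Key      = $c.Key
            Value    = if ($c.Name) { $c.Name } else { '(Default)' }
            Expected = $c.Expected
            # The article only defines 0 and 1 for "Enabled"; an absent value is
            # reported as-is rather than interpreted.
            Actual   = if ($null -eq $actual) { '<not set>' } else { [string]$actual }
            Match    = ([string]$actual -eq $c.Expected)
        }
    }
}

# One record per value; any row with Match = False points at the step to fix.
Test-HostIntegrityPrereqs | Format-List
```

A `.js` row whose Actual value names another application's file type corresponds to the "taken over by a different application" case described in step 2.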

 

Resolution

To enable Windows Script Host

1. Change the "Enabled" DWORD to "1" in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings
2. Restart the client service: run smc -stop, then smc -start

To re-associate .js script extension

Import the following snippet as a .reg file:

--------------------------------------------------------------------------------
REGEDIT4

[HKEY_CLASSES_ROOT\.js]
@="JSFile"

[HKEY_CLASSES_ROOT\JSFile\ScriptEngine]
@="JScript"
--------------------------------------------------------------------------------

See also the possibly related issue in which Endpoint Protection fails to execute the Host Integrity check even though cscript.exe runs.