The root cause as provided by Pulse Secure KB43790
Though we strive to provide zero day support for AV's and firewalls, we may run into issues where a major version upgrade is released for a vendor after ESAP release and we may not have the support for the AV/firewall in the ESAP which was just released. we will see an error that HC failed due to reason "Compliance requires real time protection enabled" or the AV/firewall product will not be detected at all and it will show failure for windows defender on windows as windows defender is the default AV/firewall product.
Workaround as provided by Pulse Secure KB22348 and which can be implemented by the Pulse Secure Administrator. See Pulse Secure KB22348 for details.
- There are instances when there are unsupported antivirus, anti-Spyware, etc, on the ESAP product list.
- In such a scenario, there may be clients trying to connect to PCS/PPS with a unsupported application on their computer. The user may be connecting to a protected role and he or she may not connect as expected; while they might see a non-compliance message on their browser by Host Checker.
- To overcome this situation, an PCS/PPS administrator can use the process check feature provided by the PCS/PPS OS.
- If the work around is accepted, Perform the procedure mentioned in the Solution section to configure the PCS/PPS for process check, which will effectively inspect if the respective process is running for a particular application on a computer. If the process check succeeds, the host check completes and if it fails, the end user will not be able to logon to PCS/PPS.