HIP Match for anti-malware does not work on GlobalProtect Agent

Created On 04/27/22 06:45 AM - Last Modified 10/23/23 18:23 PM


Symptom


  • HIP Objects are set on cloud managed Panorama.
  • The matched objects are installed on the GlobalProtect Agent App.
  • HIP Match logs do not display the correct matched objects.
Example:
  • The following HIP Objects are configured on Panorama
    •  01.McAfee-is-installed
    •  02.McAfee-is-not-installed
    •  03.WinDefender-is-installed
    •  04.WinDefender-is-not-installed
    •  05.XDR-is-installed
    •  06.XDR-is-not-installed
  • "Windows Defender" and "McAfee LiveSafe- Internet" are installed on the PC with the GlobalProtect App.
GP App > Settings > Host Information Profile
  • The hits expected in the logs are:
    •  01.McAfee-is-installed
    •  03.WinDefender-is-installed
    •  06.XDR-is-not-installed
 
  • When checking the logs, the wrong objects are matched instead of the above.
GUI: Monitor > Logs > HIP Match


Environment


  • Palo Alto Firewalls
  • PAN-OS 9.1 and above
  • HIP Objects
  • GlobalProtect Agent versions 5.2.10 and below


Cause


Software issue.

Resolution


  1. The issue is fixed under GPC-14611 in GP App version 5.2.11.
  2. Upgrading the GlobalProtect Client to the above version will resolve the issue.


Additional Information


How To Configure HIP Based Policy Enforcement
