EPA scan classification types on Windows client
Endpoint Analysis is intended to analyze the user device against pre-determined compliance criteria and does not enforce or validate the security of end-user devices. It is recommended to use endpoint security systems to protect devices from local admin attacks.
The following new classification types are added to the EPA scan for missing patches. The EPA scan fails if the client has any of the following missing patches.
Earlier, the EPA scans for missing patches were done on the severity levels; Critical, Important, Moderate, and Low on the Windows client.
If you are using Citrix Secure Access for Windows 22.214.171.124 and above, the scan
CLIENT.SYSTEM('WIN-UPDATE_SCAN-TIME')is limited to client machines that have the automatic updates enabled. If the automatic updates are disabled, this scan returns a different outcome.
Configure the EPA scan classification types by using the GUI
- Navigate to NetScaler Gateway > Policies > Preauthentication.
- Create a new preauthentication policy or edit an existing policy.
- Click the OPSWAT EPA Editor link.
- In Expression Editor, select Windows > Windows Update.
- In Shouldn’t have missing patch of following windows update classification type, select the classification type for the missing patches.
Customers can upgrade to the OPSWAT version 4.3.2744.0s to use these options.
- For details about the Windows server update services classification GUIDs, see https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85).
- For the description of the Microsoft software updates terminology, see https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates.