NAP Clients Are Not Reported as Infected

Updated: March 29, 2012

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

This problem occurs if a system health agent (SHA) does not provide extended state information in the statement of health (SoH).

Description of system behavior

You can configure a noncompliant health policy to restrict the access of Network Access Protection (NAP) client computers that are infected with a virus by selecting the Client reported as infected by one or more SHVs SHV check. However, this SHV check will match a client access request only if the client is infected and an installed SHA supports the use of extended state information. If the SHA does not provide this information, then the client will not match the noncompliant health policy.

Associated operating system events

  • NPS event ID 6278: Network Policy Server granted full access to a user because the host met the defined health policy.

Root cause diagnosis and resolution

In order to evaluate infected client computers as noncompliant and restrict their network access, you must install an antivirus SHA that supports extended state information.