NAP Clients Are Not Reported as Infected
Updated: March 29, 2012
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
This problem occurs if a system health agent (SHA) does not provide extended state information in the statement of health (SoH).
Description of system behavior
You can configure a noncompliant health policy to restrict the access of Network Access Protection (NAP) client computers that are infected with a virus by selecting the Client reported as infected by one or more SHVs SHV check. However, this SHV check will match a client access request only if the client is infected and an installed SHA supports the use of extended state information. If the SHA does not provide this information, then the client will not match the noncompliant health policy.
Associated operating system events
- NPS event ID 6278: Network Policy Server granted full access to a user because the host met the defined health policy.
Root cause diagnosis and resolution
In order to evaluate infected client computers as noncompliant and restrict their network access, you must install an antivirus SHA that supports extended state information.