But also for Windows Server 2008

Oct 7, 2008 15:03 GMT

Security health monitoring is a critical part of keeping the Windows server and client platforms as bulletproof as possible. In this regard, Windows Vista RTM and Service Pack 1 as well as Windows XP Service Pack 3 (and only SP3) come with the Windows Security Health Agent (WSHA). On the server side, the counterpart of the WSHA is the Windows Security Health Validator (WSHV) included in Windows Server 2008.

WSHA and WSHV “provide the ability to make network access decisions based on the following criteria: Firewall is enabled; Antivirus is enabled and up-to-date; Antispyware is enabled and up-to-date; Automatic Updates is enabled; and Security updates are up-to-date,” revealed Mike Burk, WSHA/WSHV Program Manager. “Firewall, antivirus, and antispyware detection is available for both Microsoft and non-Microsoft applications. The WSHA detects any application that reports its status through Windows Security Center.”

As far as Vista RTM/SP1 and XP SP3 are concerned, the WSHA closely monitors the state of Windows Security Center. The results of the monitoring are then made available to the NAP Agent service, since the Windows Security Health Agent is in fact a component of Network Access Protection (NAP). Each Windows client delivers a statement of health based on the reports coming from the WSHA.

According to Microsoft, the System Health Validators are nothing more than the equivalents of the WSHA, but for server operating systems. Via the server software agents, the Network Policy Server can check the statement of health for client machines running Vista and XP SP3.

“The WSHA will perform automatic remediation as follows, regardless of which firewall, antivirus, and antispyware products are present on the client: Firewall turned off: Turn on Windows Firewall; Antivirus off or out of date: No automatic remediation is available; Antispyware off or out of date: Turn on and update Windows Defender. The WSHA/WSHV also detects security update status and can remediate with Windows Server Update Services (WSUS), Windows Update, and Microsoft Update,” Burk revealed.