Windows Security Health Agent (WSHA) and Windows Security Health Validator (WSHV) – Update

We have had several questions lately about the WSHA/WSHV so we figured it was time to provide an update to what we previously posted last year.

The WSHA is the SHA delivered with Windows Vista and Windows XP SP3. The WSHV is the SHV delivered with Windows Server 2008. They provide the ability to make network access decisions based on the following criteria:

·         Firewall is enabled

·         Antivirus is enabled and up-to-date

·         Antispyware is enabled and up-to-date

·         Automatic Updates is enabled

·         Security updates are up-to-date

Firewall, antivirus, and antispyware detection is available for both Microsoft and non-Microsoft applications. The WSHA detects any application that reports its status through Windows Security Center.

The WSHA will perform automatic remediation as follows, regardless of which firewall, antivirus, and antispyware products are present on the client:

·         Firewall turned off:  Turn on Windows Firewall

·         Antivirus off or out of date:  No automatic remediation is available

·         Antispyware off or out of date:  Turn on and update Windows Defender

The WSHA/WSHV also detects security update status and can remediate with Windows Server Update Services (WSUS), Windows Update, and Microsoft Update. This is discussed in more detail in a previous blog posting.

More information about the WSHA and WSHV can be found at

Mike Burk
WSHA/WSHV Program Manager


Skip to main content