If you are still searching for “Pulse Secure VPN status”, you are likely aware that the product has been rebranded. Pulse Secure was acquired by Ivanti in 2020 and the client is now called Ivanti Secure Access Client (ISAC). The original scripting techniques for querying VPN connection status from the registry and Event Viewer still work, but the registry paths and event source names have partially changed. This updated guide covers both the legacy Pulse Secure paths and the current Ivanti Secure Access equivalents, which is useful if you manage a mixed fleet mid-migration.

| | Detail |
|---|---|
| Last Updated | March 2026 |
| Applies To | Windows 10, Windows 11 |
| Product Names | Ivanti Secure Access Client (current), Pulse Secure (legacy) |
| Pulse Connect Secure 9.1x | End of Support reached December 31, 2024 |
| Difficulty | Beginner to Intermediate |

Pulse Secure → Ivanti Secure Access: What Changed

Before diving into the scripts, here is a quick summary of what changed and what stayed the same:

| | Pulse Secure (legacy) | Ivanti Secure Access Client (current) |
|---|---|---|
| Product name | Pulse Secure | Ivanti Secure Access Client (ISAC) |
| Client version scheme | 9.x | 22.Rx and later |
| Install path | C:\Program Files (x86)\Pulse Secure\ | C:\Program Files (x86)\Ivanti\Secure Access Client\ |
| Registry base path | HKLM\SOFTWARE\WOW6432Node\Pulse Secure\ | HKLM\SOFTWARE\WOW6432Node\Pulse Secure\ (retained for compatibility) |
| Process name | PulseUI.exe | IvantisecureAccessClient.exe |
| Service name | PulseSecureService | IvantiSAService |
| Event log source | Pulse Secure | Ivanti Secure Access Client |
| EOL status | 9.1x reached EOL December 31, 2024 | Current — 22.7R2.6+ recommended |

The most important practical note: the registry base path retained the “Pulse Secure” name even in the Ivanti-branded client, which means many of the original scripts still work without modification on upgraded endpoints.

Method 1: Check VPN Status via Process Detection

The quickest and most reliable way to detect whether the VPN is connected is to check for the VPN tunnel network adapter or the active process. The function below checks the adapter, which works regardless of client version:

# Check if Ivanti/Pulse Secure VPN tunnel adapter is active
function Get-VPNConnectionStatus {
    # Find VPN network adapters (works for both Pulse and Ivanti)
    $vpnAdapter = Get-NetAdapter | Where-Object {
        $_.InterfaceDescription -match "Pulse Secure" -or
        $_.InterfaceDescription -match "Ivanti" -or
        $_.InterfaceDescription -match "Juniper"
    }

    # More than one adapter can match the filter, so report the first one that is Up
    $active = $vpnAdapter | Where-Object Status -eq "Up" | Select-Object -First 1

    if ($active) {
        return [PSCustomObject]@{
            Connected       = $true
            AdapterName     = $active.Name
            AdapterStatus   = $active.Status
            Description     = $active.InterfaceDescription
        }
    } else {
        return [PSCustomObject]@{
            Connected       = $false
            AdapterName     = $null
            AdapterStatus   = "Not connected"
            Description     = $null
        }
    }
}

$status = Get-VPNConnectionStatus
if ($status.Connected) {
    Write-Host "VPN Connected — Adapter: $($status.AdapterName)"
} else {
    Write-Host "VPN Not Connected"
}

Method 2: Check VPN Status via Registry

The Ivanti Secure Access Client (and legacy Pulse Secure) stores connection state information in the registry. The base path retained the Pulse Secure name for backwards compatibility:

# Registry paths — both legacy Pulse Secure and current Ivanti client
$regPaths = @(
    "HKLM:\SOFTWARE\WOW6432Node\Pulse Secure\Pulse",
    "HKCU:\SOFTWARE\Pulse Secure\Pulse"
)

foreach ($path in $regPaths) {
    if (Test-Path $path) {
        Write-Host "Found registry path: $path"
        Get-ItemProperty -Path $path | Select-Object * -ExcludeProperty PS*
    }
}

# Check specifically for last connected server / connection name
$connectionPath = "HKCU:\SOFTWARE\Pulse Secure\Pulse\User"
if (Test-Path $connectionPath) {
    $connectionData = Get-ItemProperty -Path $connectionPath -ErrorAction SilentlyContinue
    Write-Host "Last connection data: $($connectionData | Out-String)"
}

To check whether the VPN client service is running — a prerequisite for any active connection:

# Check VPN client service — covers both legacy and current client
$services = @("IvantiSAService", "PulseSecureService", "PulseSecure")

foreach ($svc in $services) {
    $service = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($service) {
        Write-Host "Service: $($service.DisplayName) — Status: $($service.Status)"
    }
}

Method 3: Check VPN Status via Event Viewer

Both the legacy Pulse Secure client and the current Ivanti Secure Access Client write connection events to the Windows Event Log. The event source name differs between versions:

# Query VPN connection events from Event Viewer
# Covers both Pulse Secure (legacy) and Ivanti Secure Access Client (current)

$sources = @("Pulse Secure", "Ivanti Secure Access Client", "IvantiSAClient")
$events = @()

foreach ($source in $sources) {
    try {
        $found = Get-WinEvent -FilterHashtable @{
            LogName      = "Application"
            ProviderName = $source
        } -MaxEvents 20 -ErrorAction Stop

        $events += $found
    } catch {
        # Source not found on this device — skip silently
    }
}

if ($events) {
    $events |
        Sort-Object TimeCreated -Descending |
        Select-Object TimeCreated, Id, LevelDisplayName, Message |
        Format-Table -AutoSize -Wrap
} else {
    Write-Host "No VPN events found in Application log for known source names."
}

To get only the most recent connection and disconnection events:

# Get last VPN connect and disconnect events
$sources = @("Pulse Secure", "Ivanti Secure Access Client")

$sources | ForEach-Object {
    $source = $_
    try {
        $latest = Get-WinEvent -FilterHashtable @{
            LogName      = "Application"
            ProviderName = $source
        } -MaxEvents 50 -ErrorAction Stop |
            Where-Object { $_.Message -match "connect|disconnect|tunnel" } |
            Select-Object -First 5

        if ($latest) {
            Write-Host "`nEvents from source: $source"
            $latest | Select-Object TimeCreated, Id, Message |
                Format-Table -AutoSize -Wrap
        }
    } catch { }
}

Method 4: All-in-One VPN Status Report

A combined script that checks adapter, service, registry, and recent events in one output — useful as a diagnostic tool or Intune Remediation detection script:

# VPN Status Report — Ivanti Secure Access / Pulse Secure
# Suitable for Intune Remediation detection or helpdesk diagnostics

$report = [ordered]@{}

# 1. Check VPN network adapter
$vpnAdapter = Get-NetAdapter | Where-Object {
    $_.InterfaceDescription -match "Pulse|Ivanti|Juniper"
}
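# List every matching adapter with its own status (more than one can match the filter)
$report["VPN Adapter"] = if ($vpnAdapter) { ($vpnAdapter | ForEach-Object { "$($_.Name) [$($_.Status)]" }) -join ", " } else { "Not found" }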
$report["VPN Connected"] = [bool]($vpnAdapter | Where-Object Status -eq "Up")

# 2. Check services
foreach ($svc in @("IvantiSAService", "PulseSecureService")) {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s) { $report["Service: $svc"] = $s.Status }
}

# 3. Check client install
$clientPaths = @(
    "${env:ProgramFiles(x86)}\Ivanti\Secure Access Client\IvantisecureAccessClient.exe",
    "${env:ProgramFiles(x86)}\Pulse Secure\Pulse\PulseUI.exe"
)
foreach ($p in $clientPaths) {
    if (Test-Path $p) {
        $ver = (Get-Item $p).VersionInfo.FileVersion
        $report["Client Installed"] = "$p (v$ver)"
        break
    }
}

# 4. Last VPN event
foreach ($src in @("Ivanti Secure Access Client", "Pulse Secure")) {
    try {
        $lastEvent = Get-WinEvent -FilterHashtable @{
            LogName = "Application"; ProviderName = $src
        } -MaxEvents 1 -ErrorAction Stop
        # Message can be empty when the event text cannot be rendered, so coerce it to a string first
        $msg = "$($lastEvent.Message)"
        $report["Last Event ($src)"] = "$($lastEvent.TimeCreated) — $($msg.Substring(0, [Math]::Min(80, $msg.Length)))"
        break
    } catch { }
}

# Output
$report.GetEnumerator() | ForEach-Object {
    Write-Host "$($_.Key): $($_.Value)"
}

Intune Remediation: Detect if VPN Client Is Installed

A common use case is detecting whether the Ivanti Secure Access Client is installed on a device as part of a compliance check. Use this as an Intune Remediation detection script:

# Detection script: Is Ivanti Secure Access Client (or Pulse Secure) installed?
$clientPaths = @(
    "${env:ProgramFiles(x86)}\Ivanti\Secure Access Client\IvantisecureAccessClient.exe",
    "${env:ProgramFiles(x86)}\Pulse Secure\Pulse\PulseUI.exe"
)

$registryPaths = @(
    "HKLM:\SOFTWARE\WOW6432Node\Ivanti\Secure Access Client",
    "HKLM:\SOFTWARE\WOW6432Node\Pulse Secure\Pulse"
)

$installed = ($clientPaths | Where-Object { Test-Path $_ }).Count -gt 0
if (-not $installed) {
    $installed = ($registryPaths | Where-Object { Test-Path $_ }).Count -gt 0
}

if ($installed) {
    Write-Host "Ivanti Secure Access Client / Pulse Secure is installed."
    exit 0  # Compliant
} else {
    Write-Host "VPN client not found."
    exit 1  # Non-compliant — trigger remediation
}

Security Note: CVE-2025-22457 and EOL Versions

If you are still running Pulse Connect Secure 9.1x on your VPN gateway, take note: Pulse Connect Secure 9.1x reached end of support on December 31, 2024. In early 2025, a critical vulnerability (CVE-2025-22457) was disclosed that affected Pulse Connect Secure 9.1x and Ivanti Connect Secure versions prior to 22.7R2.6. The vulnerability was fully patched in Ivanti Connect Secure 22.7R2.6, released February 11, 2025.

If your environment is still on any version prior to 22.7R2.6, upgrading the gateway should be your first priority before spending time on scripting the client status.
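
A gateway inventory check for the upgrade advice above, as an added example that is not part of the original article or Ivanti's tooling: it parses Connect Secure version strings and flags anything below 22.7R2.6 or on the end-of-support 9.1x line. The `major.minorRrelease.patch` string format, the function names and the sample inventory (hostnames and versions) are assumptions constructed for illustration.

```powershell
# Added example (not from the original article). Flags gateways below the fixed release.
# Assumption: versions look like "22.7R2.6" or "9.1R18.9" (major.minor R release[.patch]).
$FixedVersion = '22.7R2.6'   # fixed release named in this article

function ConvertTo-GatewayVersion {
    param([string]$Version)
    $m = [regex]::Match($Version, '^\s*(\d+)\.(\d+)R(\d+)(?:\.(\d+))?\s*$', 'IgnoreCase')
    if (-not $m.Success) { return $null }   # unknown format: the caller must not guess
    # A missing patch component counts as 0, so "22.7R2" sorts below "22.7R2.6"
    return 1..4 | ForEach-Object {
        if ($m.Groups[$_].Success) { [int]$m.Groups[$_].Value } else { 0 }
    }
}

function Get-GatewayPatchState {
    param([string]$Version)
    $v     = ConvertTo-GatewayVersion $Version
    $fixed = ConvertTo-GatewayVersion $FixedVersion
    if ($null -eq $v) { return 'UNKNOWN: unparsed version, check manually' }
    if ($v[0] -eq 9 -and $v[1] -eq 1) {
        return 'EOL: Pulse Connect Secure 9.1x, end of support 2024-12-31'
    }
    # Compare component by component, most significant first
    for ($i = 0; $i -lt 4; $i++) {
        if ($v[$i] -lt $fixed[$i]) { return "UPGRADE: below $FixedVersion" }
        if ($v[$i] -gt $fixed[$i]) { break }
    }
    return "OK: at or above $FixedVersion"
}

# Constructed sample inventory (hostnames and versions are made up for the example)
$inventory = @(
    [PSCustomObject]@{ Gateway = 'vpn-01.example.test'; Version = '9.1R18.9' }
    [PSCustomObject]@{ Gateway = 'vpn-02.example.test'; Version = '22.7R2.5' }
    [PSCustomObject]@{ Gateway = 'vpn-03.example.test'; Version = '22.7R2.6' }
    [PSCustomObject]@{ Gateway = 'vpn-04.example.test'; Version = '22.7R2.8' }
    [PSCustomObject]@{ Gateway = 'vpn-05.example.test'; Version = 'n/a' }
)

$inventory |
    Select-Object Gateway, Version,
        @{ Name = 'State'; Expression = { Get-GatewayPatchState $_.Version } } |
    Format-Table -AutoSize
```

Replace the sample rows with the versions recorded in your own asset inventory; rows reported as UNKNOWN need a manual look rather than being treated as patched.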

Summary

Querying Ivanti Secure Access / Pulse Secure VPN status via PowerShell works through four complementary approaches — network adapter detection is the most reliable for a simple connected/not-connected check, while Event Viewer gives you the richest historical data for troubleshooting. The registry paths retained the “Pulse Secure” naming even in the Ivanti-branded client, so most legacy scripts continue to work without modification.

  • Use Get-NetAdapter filtered by “Pulse”, “Ivanti”, or “Juniper” for the most reliable connected/not-connected check
  • Registry base path HKLM:\SOFTWARE\WOW6432Node\Pulse Secure\Pulse is retained in the Ivanti-branded client for backwards compatibility
  • Event source name changed from “Pulse Secure” to “Ivanti Secure Access Client” — query both when managing a mixed fleet
  • Service name changed from PulseSecureService to IvantiSAService on upgraded endpoints
  • Pulse Connect Secure 9.1x gateways reached EOL December 2024 — upgrade to Ivanti Connect Secure 22.7R2.6 or later