https://community.cisco.com/t5/network-access-control/posture-download-and-execute-a-program/m-p/3583436#M528257 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I have long since known that we can offer both a file download as a remediation as well as the execution of signed code. Is there any way to actually run a signed executable that has been downloaded as part of a posture validation remediation flow on Windows? OS X? Getting an answer for Windows is a priority right now.</P><P></P><P>This would be on latest ISE/Posture Module and I spoke about it with <A href="https://community.cisco.com//u1/157264">vsantuka</A></P><P></P><P>Thanks,</P><P>Russ</P></BODY></HTML> Tue, 25 Jul 2017 04:48:44 GMT ruhearn 2017-07-25T04:48:44Z https://community.cisco.com/t5/network-access-control/posture-download-and-execute-a-program/m-p/3583436#M528257 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I have long since known that we can offer both a file download as a remediation as well as the execution of signed code. Is there any way to actually run a signed executable that has been downloaded as part of a posture validation remediation flow on Windows? OS X? Getting an answer for Windows is a priority right now.</P><P></P><P>This would be on latest ISE/Posture Module and I spoke about it with <A href="https://community.cisco.com//u1/157264">vsantuka</A></P><P></P><P>Thanks,</P><P>Russ</P></BODY></HTML> Tue, 25 Jul 2017 04:48:44 GMT https://community.cisco.com/t5/network-access-control/posture-download-and-execute-a-program/m-p/3583436#M528257 ruhearn 2017-07-25T04:48:44Z https://community.cisco.com/t5/network-access-control/posture-download-and-execute-a-program/m-p/3583437#M528258 <HTML><HEAD></HEAD><BODY><P>Theoretically, yes.</P><P></P><P>Here are two ways to accomplish this, first is to run the installer from the download server.&nbsp; Create an Application Condition at <STRONG>Policy &gt; Policy Elements &gt; Conditions &gt; Application Condition</STRONG>.&nbsp; This is where you choose the Application you would like to ensure is installed.</P><P><IMG alt="AppInstall1.PNG" class="image-1 jive-image" src="https://community.cisco.com/legacyfs/online/fusion/109728_AppInstall1.PNG" style="height: 573px; width: 620px;" /></P><P>Create the Remediation Action that takes place if the Application is not installed at <STRONG style="font-size: 13.3333px;">Policy &gt; Policy Elements &gt; Results &gt; Launch Program Remediation</STRONG>.&nbsp; Point this to the installer source on your download server.</P><P><IMG alt="AppInstall2.PNG" class="jive-image image-2" src="https://community.cisco.com/legacyfs/online/fusion/109729_AppInstall2.PNG" style="height: 576px; width: 620px;" /></P><P>Create the Posture Requirement at <STRONG style="font-size: 13.3333px;">Policy &gt; Policy Elements &gt; Results &gt; Requirements</STRONG></P><P><IMG alt="AppInstall3.PNG" class="jive-image image-3" src="https://community.cisco.com/legacyfs/online/fusion/109730_AppInstall3.PNG" style="height: 19px; width: 620px;" /></P><P>Add the rule to your Posture Policy at <STRONG>Policy &gt; Posture</STRONG></P><P><IMG alt="AppInstall4.PNG" class="jive-image image-4" src="https://community.cisco.com/legacyfs/online/fusion/109731_AppInstall4.PNG" style="height: 14px; width: 620px;" /></P><P></P><P></P><P>The other option is the two step option that you mentioned.&nbsp; </P><P></P><P>Create a File Condition at <STRONG style="font-size: 13.3333px;">Policy &gt; Policy Elements &gt; Conditions &gt; File Condition</STRONG> to check if the installer file exists.</P><P><IMG alt="AppInstall5.PNG" class="jive-image image-5" src="https://community.cisco.com/legacyfs/online/fusion/109732_AppInstall5.PNG" style="height: 550px; width: 620px;" /></P><P></P><P>Then go to <STRONG style="font-size: 13.3333px;">Policy &gt; Policy Elements &gt; Conditions &gt; Application Condition</STRONG> and create the check for the installation of the application.</P><P><STRONG style="font-size: 13.3333px;"><IMG alt="AppInstall1.PNG" class="jive-image image-6" src="https://community.cisco.com/legacyfs/online/fusion/109733_AppInstall1.PNG" style="height: 573px; width: 620px;" /></STRONG></P><P></P><P>From here, we will create both Remediation Actions.&nbsp; Go to <STRONG style="font-size: 13.3333px;">Policy &gt; Policy Elements &gt; Results &gt; File Remediations </STRONG>and upload the file to be downloaded to your client.&nbsp; This file will reside on ISE.</P><P><IMG alt="AppInstall6.PNG" class="jive-image image-7" src="https://community.cisco.com/legacyfs/online/fusion/109734_AppInstall6.PNG" style="height: 380px; width: 620px;" /></P><P></P><P>Next, go to <STRONG style="font-size: 13.3333px;">Policy &gt; Policy Elements &gt; Results &gt; Launch Program Remediations </STRONG>and reference the local installer for your application.</P><P><IMG alt="AppInstall8.PNG" class="jive-image image-8" src="https://community.cisco.com/legacyfs/online/fusion/109735_AppInstall8.PNG" style="height: 377px; width: 620px;" /></P><P></P><P>Create your Requirements at <STRONG style="font-size: 13.3333px;">Policy &gt; Policy Elements &gt; Results &gt; Requirements</STRONG></P><P><STRONG style="font-size: 13.3333px;"><IMG alt="AppInstall9.PNG" class="jive-image image-9" src="https://community.cisco.com/legacyfs/online/fusion/109736_AppInstall9.PNG" style="height: 28px; width: 620px;" /> </STRONG></P><P>Add to your Posture Policy.&nbsp; Remember, the rules are run from the top down, so you want to check if the downloaded file exists prior to checking if the application is installed.</P><P><IMG alt="AppInstall10.PNG" class="image-10 jive-image" src="https://community.cisco.com/legacyfs/online/fusion/109737_AppInstall10.PNG" style="height: 30px; width: 620px;" /></P><P></P><P>Now, having said all that, I did not go into detail as to the permissions/ACLs/access you will need to accomplish these tasks.&nbsp; One of the biggest things to remember is that the client MUST have permissions to install applications or this will not work.</P></BODY></HTML> Tue, 25 Jul 2017 12:49:31 GMT https://community.cisco.com/t5/network-access-control/posture-download-and-execute-a-program/m-p/3583437#M528258 Charlie Moreton 2017-07-25T12:49:31Z https://community.cisco.com/t5/network-access-control/posture-download-and-execute-a-program/m-p/3583438#M528259 <HTML><HEAD></HEAD><BODY><P>Hey Charles,</P><P></P><P>Thank you for the thorough reply, I suppose the bit I did miss out on here is that the clients, like many in an enterprise environment, do not have much if any access to run installers that are downloaded. </P><P></P><P>Cheers,</P><P>Russ</P></BODY></HTML> Tue, 25 Jul 2017 13:34:12 GMT https://community.cisco.com/t5/network-access-control/posture-download-and-execute-a-program/m-p/3583438#M528259 ruhearn 2017-07-25T13:34:12Z