https://community.cisco.com/t5/network-access-control/antimalware-definition-checks-posture/m-p/4399820#M567203 <P>Yes your assumptions are correct, but with Windows Defender the risk of the definitions being older than five days is very low since Microsoft updates on a 2 hour schedule. I still prefer to use 5 days from the last known definition date because of this though, not every AV/AM is as frequent as Microsoft.&nbsp;&nbsp;</P> Sun, 09 May 2021 06:11:09 GMT Damien Miller 2021-05-09T06:11:09Z https://community.cisco.com/t5/network-access-control/antimalware-definition-checks-posture/m-p/4399818#M567202 <P>Hi Experts,</P><P>We're running ISE 2.6 with Patch 8 installed. AnyConnect is 4.8 and the Compliance Module is 4.3.X. I've been asked to configure a New AV Posture policy Definition check for Windows Defender.&nbsp;</P><P>&nbsp;</P><P>Name: AV_Def_5days</P><P>Compliance Module: 4.X or later</P><P>Operating System: Windows All</P><P>Vendor: Microsoft Corporation</P><P><STRONG>Check Type: Definition</STRONG></P><P><STRONG>Allow Virus Definition to be 5 days older than the Current system date</STRONG></P><P>&nbsp;</P><P>1. With the above config, I assume users should be having the Definition file date which are no longer older than the current system date (running on users PC). Is that correct?</P><P>2. What if the vendor isn't updating their AV database every 5 days once? Will the ISE mark them as non-compliant?&nbsp;</P><P>&nbsp;</P><P>Thanks in advance</P> Sun, 09 May 2021 08:36:01 GMT https://community.cisco.com/t5/network-access-control/antimalware-definition-checks-posture/m-p/4399818#M567202 Srinivasan Nagarajan 2021-05-09T08:36:01Z https://community.cisco.com/t5/network-access-control/antimalware-definition-checks-posture/m-p/4399820#M567203 <P>Yes your assumptions are correct, but with Windows Defender the risk of the definitions being older than five days is very low since Microsoft updates on a 2 hour schedule. I still prefer to use 5 days from the last known definition date because of this though, not every AV/AM is as frequent as Microsoft.&nbsp;&nbsp;</P> Sun, 09 May 2021 06:11:09 GMT https://community.cisco.com/t5/network-access-control/antimalware-definition-checks-posture/m-p/4399820#M567203 Damien Miller 2021-05-09T06:11:09Z https://community.cisco.com/t5/network-access-control/antimalware-definition-checks-posture/m-p/4400015#M567207 <P>Thanks Damien.</P><P>We're also looking for the other option "Latest file date" which I guess implies, the virus definition files installed on the machine are no more 5 days older than the versions that ISE knows about. Is it correct?</P><P>Cheers,</P> Mon, 10 May 2021 01:31:59 GMT https://community.cisco.com/t5/network-access-control/antimalware-definition-checks-posture/m-p/4400015#M567207 Srinivasan Nagarajan 2021-05-10T01:31:59Z