https://community.cisco.com/t5/network-access-control/patch-ise-condition/m-p/4693979#M577397 <P>You can get the updated link, for the last Compliance Module, here: <A href="https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-device-support-tables-list.html" target="_blank">https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-device-support-tables-list.html</A></P><P>&nbsp;</P> Mon, 26 Sep 2022 17:40:03 GMT Mauritz 2022-09-26T17:40:03Z https://community.cisco.com/t5/network-access-control/patch-ise-condition/m-p/3494121#M509789 <HTML><HEAD></HEAD><BODY><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;"><SPAN style="font-size: 11pt;">I’m reaching out in need of some support with an issue I am facing with a customer ISE project.</SPAN></P><P></P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;"><SPAN style="font-size: 11pt;">Customer has Landesk Version 10 Security Patch Manager by which they push Windows Security Patches to all endpoints. They have two requirements.</SPAN></P><P></P><OL start="1" style="color: #000000; font-family: -webkit-standard;"><LI><SPAN style="font-size: 11pt;">Run a posture check for Landesk App installation and running services.</SPAN></LI><LI><SPAN style="font-size: 11pt;">Check for Latest critical patches installation and remediate if not installed. (Under Conditons\Patch Management Conditions\Vendor=Landesk\Up to Date\Critical Patches.</SPAN></LI></OL><P><SPAN style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;"> </SPAN><SPAN style="color: #000000; font-size: 11pt; font-family: Calibri, sans-serif;">I have created policies for Rule 1 and 2. Rule 1 works well and detects the running application. Rule 2 testing was done on 2 machines.</SPAN></P><UL><LI><SPAN style="font-size: 11pt;">First machine with latest patches installed and the posture status was compliant.</SPAN></LI><LI><SPAN style="font-size: 11pt;">Second Machine was without the latest patches (uninstalled 5 recent security patches, Control Panel/View Installed Updates).</SPAN></LI></UL><P></P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;"><SPAN style="font-size: 11pt;">Issue: For the second machine, even though the patches weren’t latest, the status became back as compliant. I checked the reports on ISE and saw that ISE was passing the critical patches condition for Landesk successfully. Didn’t get any more details. How is Anyconnect checking the installation of critical patches through Landesk. Is it integrated with the Landesk Client on PC and checks with the server for comparison?</SPAN></P><P></P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;"><SPAN style="font-size: 11pt;">Please provide any inputs on how to mitigate this issue. Also the best way to check if latest patches are installed.</SPAN></P></BODY></HTML> Mon, 21 May 2018 08:35:25 GMT https://community.cisco.com/t5/network-access-control/patch-ise-condition/m-p/3494121#M509789 srikkulk 2018-05-21T08:35:25Z https://community.cisco.com/t5/network-access-control/patch-ise-condition/m-p/3494122#M509791 <HTML><HEAD></HEAD><BODY><P><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/ac_compliance_module/Cisco_AnyConnect_ISE_Posture_Win_Support_Charts_for_Compliance_Module_4_2_1538_0.html">Cisco AnyConnect ISE Posture Windows Support Charts for Compliance Module v4.2.1538.0</A><SPAN style="font-size: 10pt;"> shows that LANDESK Software, Inc.'s Security and Patch Manager 9.x required CM 4.2.1331.0 minimal and has support for</SPAN></P><UL><LI><SPAN style="font-size: 10pt;">Activate GUI Remediation</SPAN></LI><LI><SPAN style="font-size: 10pt;">Up-to-date Check</SPAN></LI><LI><SPAN style="font-size: 10pt;">Application Running Check</SPAN></LI><LI><SPAN style="font-size: 10pt;">Application Kill</SPAN></LI></UL><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P>Yes, the remediation is generally done through the patch management client. Thus, please also check the logs on the LANDESK side. If you need further details, please get a copy of the DART file and submit it to Cisco TAC.</P></BODY></HTML> Tue, 22 May 2018 04:14:56 GMT https://community.cisco.com/t5/network-access-control/patch-ise-condition/m-p/3494122#M509791 hslai 2018-05-22T04:14:56Z https://community.cisco.com/t5/network-access-control/patch-ise-condition/m-p/3494123#M509793 <HTML><HEAD></HEAD><BODY><P>Thanks. I'm using CM 3.6.x which is recently updated than 4.x and support Landesk version 10. </P><P></P><P>But im still getting posture status as compliant even when patches are missing. Any idea why that is happening?</P></BODY></HTML> Tue, 22 May 2018 05:32:59 GMT https://community.cisco.com/t5/network-access-control/patch-ise-condition/m-p/3494123#M509793 srikkulk 2018-05-22T05:32:59Z https://community.cisco.com/t5/network-access-control/patch-ise-condition/m-p/4015172#M509794 <P><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/ac_compliance_module/Cisco_AnyConnect_ISE_Posture_Win_Support_Charts_for_Compliance_Module_4_2_1538_0.html" rel="nofollow noopener noreferrer" target="_blank">Cisco AnyConnect ISE Posture Windows Support Charts for Compliance Module v4.2.1538.0</A></P><P>&nbsp;</P><P>Link broken...too bad Cisco removes the older Compliance Module support charts from the portal</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 21 Jan 2020 10:08:46 GMT https://community.cisco.com/t5/network-access-control/patch-ise-condition/m-p/4015172#M509794 Peter Koltl 2020-01-21T10:08:46Z https://community.cisco.com/t5/network-access-control/patch-ise-condition/m-p/4693979#M577397 <P>You can get the updated link, for the last Compliance Module, here: <A href="https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-device-support-tables-list.html" target="_blank">https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-device-support-tables-list.html</A></P><P>&nbsp;</P> Mon, 26 Sep 2022 17:40:03 GMT https://community.cisco.com/t5/network-access-control/patch-ise-condition/m-p/4693979#M577397 Mauritz 2022-09-26T17:40:03Z