https://community.cisco.com/t5/network-access-control/ise-posture-check/m-p/5145124#M590644 <OL> <LI>Depends on the antimalware software.&nbsp;<A href="https://community.cisco.com/t5/security-knowledge-base/ise-posture-prescriptive-deployment-guide/ta-p/3680273" target="_blank">https://community.cisco.com/t5/security-knowledge-base/ise-posture-prescriptive-deployment-guide/ta-p/3680273</A>&nbsp;<BR /><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/ac_compliance_module/cisco-anyconnect-ise-posture-windows-support-charts-for-compliance-module-v4-3-4114-8192.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/ise/ac_compliance_module/cisco-anyconnect-ise-posture-windows-support-charts-for-compliance-module-v4-3-4114-8192.html</A></LI> <LI>This is handled via the endpoint itself, not ISE.&nbsp; Best to use GPO, MDM, or Cisco Secure Client NAM to control this.&nbsp;&nbsp;</LI> </OL> Mon, 15 Jul 2024 17:57:03 GMT ahollifield 2024-07-15T17:57:03Z https://community.cisco.com/t5/network-access-control/ise-posture-check/m-p/5145052#M590641 <P>Hello,</P> <P>We are implementing ISE posture check.</P> <P>I did not find how to check the following, please if it possible with ISE let me know:</P> <P>1- Check if the antimalware software ran a succsesful scan it the past x days.</P> <P>2- check if the PC is not conected to an OPEN WIFI network.</P> <P>&nbsp;</P> <P>thank you</P> Mon, 15 Jul 2024 16:16:22 GMT https://community.cisco.com/t5/network-access-control/ise-posture-check/m-p/5145052#M590641 babalao 2024-07-15T16:16:22Z https://community.cisco.com/t5/network-access-control/ise-posture-check/m-p/5145124#M590644 <OL> <LI>Depends on the antimalware software.&nbsp;<A href="https://community.cisco.com/t5/security-knowledge-base/ise-posture-prescriptive-deployment-guide/ta-p/3680273" target="_blank">https://community.cisco.com/t5/security-knowledge-base/ise-posture-prescriptive-deployment-guide/ta-p/3680273</A>&nbsp;<BR /><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/ac_compliance_module/cisco-anyconnect-ise-posture-windows-support-charts-for-compliance-module-v4-3-4114-8192.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/ise/ac_compliance_module/cisco-anyconnect-ise-posture-windows-support-charts-for-compliance-module-v4-3-4114-8192.html</A></LI> <LI>This is handled via the endpoint itself, not ISE.&nbsp; Best to use GPO, MDM, or Cisco Secure Client NAM to control this.&nbsp;&nbsp;</LI> </OL> Mon, 15 Jul 2024 17:57:03 GMT https://community.cisco.com/t5/network-access-control/ise-posture-check/m-p/5145124#M590644 ahollifield 2024-07-15T17:57:03Z https://community.cisco.com/t5/network-access-control/ise-posture-check/m-p/5145143#M590647 <P>Hello,</P> <P>I do not see anything about a antimalware SCAN on this docs.&nbsp;</P> <P>I mean if I can check based on a scan not malware definitions (date,latest).</P> <P>Thank you.</P> Mon, 15 Jul 2024 18:43:14 GMT https://community.cisco.com/t5/network-access-control/ise-posture-check/m-p/5145143#M590647 babalao 2024-07-15T18:43:14Z https://community.cisco.com/t5/network-access-control/ise-posture-check/m-p/5145160#M590649 <P>I see what you are asking now.&nbsp; I'm not aware of a way to check for most recent scan.</P> Mon, 15 Jul 2024 19:04:55 GMT https://community.cisco.com/t5/network-access-control/ise-posture-check/m-p/5145160#M590649 ahollifield 2024-07-15T19:04:55Z https://community.cisco.com/t5/network-access-control/ise-posture-check/m-p/5146178#M590688 <P>Ok, I guess it is not possible with ISE.</P> <P>Thanks.</P> Wed, 17 Jul 2024 17:33:10 GMT https://community.cisco.com/t5/network-access-control/ise-posture-check/m-p/5146178#M590688 babalao 2024-07-17T17:33:10Z https://community.cisco.com/t5/network-access-control/ise-posture-check/m-p/5147509#M590740 <P class="lia-align-justify">Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1487216">@babalao</a>&nbsp;,</P> <P class="lia-align-justify">&nbsp;please check the <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/release_notes/b_ise_32_RN.html#concept_ckl_qxl_rsb" target="_blank" rel="noopener">Posture Condition Script Support</A> (<STRONG>ISE 3.2+</STRONG>).</P> <P class="lia-align-justify">&nbsp;<STRONG>Administrator</STRONG> can run a <U>script</U> as a "<STRONG>Posture Condition</STRONG>"&nbsp;(at <STRONG>Policy &gt; Policy Elements &gt; Conditions &gt; Posture &gt; Script</STRONG>) to check against <STRONG>Windows</STRONG>, <STRONG>macOS</STRONG> and <STRONG>Linux&nbsp;OS</STRONG> (<STRONG>PowerShell</STRONG>, <STRONG>SHELL</STRONG> and <STRONG>SHELL</STRONG> respectively).</P> <P class="lia-align-justify">For <STRONG>Antimalware Scan</STRONG> ...</P> <P class="lia-align-justify">&nbsp;Check if you can "monitor" your <STRONG>Antimalware</STRONG> update via <STRONG>PowerShell/Shell</STRONG> script, checking the <STRONG>Antimalware</STRONG> <U>log files</U>, for ex:&nbsp;<SPAN><EM>C:\ProgramData\&lt;Antimalware&gt;\Updatelog.txt</EM>.</SPAN></P> <P class="lia-align-justify"><SPAN>Try to use a script like this (if possible):</SPAN></P> <PRE class="default s-code-block"><CODE class="hljs language-bash" data-highlighted="yes"><SPAN class="hljs-string">Select-String -Path <U>C:\ProgramData\&lt;Antimalware&gt;\Updatelog.txt</U> -Pattern <U>Updated</U></SPAN></CODE></PRE> <P class="lia-align-justify"><SPAN>For "Open WiFi" ...</SPAN></P> <P class="lia-align-justify"><SPAN>&nbsp;Check if you are able to use the following command in a <STRONG>PowerShell/Shell</STRONG> script:</SPAN></P> <PRE class="lia-align-justify"><SPAN>PS&gt; Get-NetIPConfiguration</SPAN></PRE> <P class="lia-align-justify">&nbsp;</P> <P class="lia-align-justify"><SPAN>Hope this helps !!!</SPAN></P> Sat, 20 Jul 2024 05:09:54 GMT https://community.cisco.com/t5/network-access-control/ise-posture-check/m-p/5147509#M590740 Marcelo Morais 2024-07-20T05:09:54Z