Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4831
Views
0
Helpful
8
Replies

Auto Remediation for Symantec Endpoint Protection 14.x giving error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator"

Go to solution
SHABEEB KUNHIPOCKER
Level 3
Level 3

‎12-19-2018 04:43 AM

Hi,

 

We have a customer running ISE 2.4 with patch 5. They have Symantec endpoint protection 14.x. The customer has a local update server which is providing AV updates ( the clients are not directly getting the av updates from internet) . I have configured posture policy to check if any machine is running AV signature older than 14 days with auto-remediation ( Anti-Malware).  But the clients are always getting the error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator". 

 

How does Anyconnect agent trigger for an update if it finds that the signature is outdated?. Will it ask the Symantec client to communicate with the update server?.

 

Kindly help me to solve the issue.

 

 

Thanks

 

 

3 people had this problem
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Nidhi
Cisco Employee
Cisco Employee
In response to SHABEEB KUNHIPOCKER

‎06-27-2019 08:22 PM

Jason is right ! we do not have integration available with server for auto remediation. 

the symantec client has to be enabled in the endpoint so that posture module can trigger the autoremediation. 

Thanks,

Nidhi 

View solution in original post

0 Helpful

Go to solution
SHABEEB KUNHIPOCKER
Level 3
Level 3
In response to malik.shafqat1

‎07-09-2019 10:38 PM

Hi Malik,

 

How are you updating the Symantec Client?. Using live update or using Group Update Provider?. If you are using live update, then the live update option should be enabled for all the clients so that anyconnect can trigger the update. If you are using Group update provider for pushing the updates to the clients, then it seems like the auto remediation is not possible at the moment. It is not an issue with anyconnect but it is due to the GUP architecture that the client cannot initiate an update as far as I understood. Anyway my ticket with TAC is still open, if any further updates on the case I will post here.

 

Good luck

 

Shabeeb

View solution in original post

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to sr2290723

‎09-11-2019 08:41 AM

Please get a tac case open and attach to it for tracking, I see you already brought this up to our product managers internally as well. We can’t help here.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
hslai
Cisco Employee
Cisco Employee

‎12-19-2018 06:41 AM

I believe the evaluation is done via the client so is the update. If manual update via the client is working, please open a Cisco TAC case and submit a copy of the AnyConnect DART bundle.

0 Helpful

Go to solution
SHABEEB KUNHIPOCKER
Level 3
Level 3

‎06-27-2019 07:09 AM

Hi,

 

I found that the customer has disabled liveupdate functionality on the symantec endpoints. Cisco TAC had confirmed that this feature should be enabled on the SEP so that anyconnect agent can auto-remediate if it finds old signatures on the user machine.  In our case the customer is using symantec group update server for updating their AV clients. Is there anyway that we can achieve auto-remediation when the customer is using group update server instead of live update?.

 

Regards

Shabeeb

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to SHABEEB KUNHIPOCKER

‎06-27-2019 11:20 AM

I think this would be a question for Symantec, we have no control over that.
0 Helpful

Go to solution
Nidhi
Cisco Employee
Cisco Employee
In response to SHABEEB KUNHIPOCKER

‎06-27-2019 08:22 PM

Jason is right ! we do not have integration available with server for auto remediation. 

the symantec client has to be enabled in the endpoint so that posture module can trigger the autoremediation. 

Thanks,

Nidhi 

0 Helpful

Go to solution
malik.shafqat1
Level 1
Level 1
In response to SHABEEB KUNHIPOCKER

‎07-09-2019 12:44 AM

Hello Shabeeb,

 

Did you find any solution to this problem or just left the remediation for symantec Antivirus update ,, i am facing the same this issue even we both have same cisco ise and symantec endpoint protection version?

0 Helpful

Go to solution
SHABEEB KUNHIPOCKER
Level 3
Level 3
In response to malik.shafqat1

‎07-09-2019 10:38 PM

Hi Malik,

 

How are you updating the Symantec Client?. Using live update or using Group Update Provider?. If you are using live update, then the live update option should be enabled for all the clients so that anyconnect can trigger the update. If you are using Group update provider for pushing the updates to the clients, then it seems like the auto remediation is not possible at the moment. It is not an issue with anyconnect but it is due to the GUP architecture that the client cannot initiate an update as far as I understood. Anyway my ticket with TAC is still open, if any further updates on the case I will post here.

 

Good luck

 

Shabeeb

0 Helpful

Go to solution
sr2290723
Level 1
Level 1
In response to SHABEEB KUNHIPOCKER

‎09-11-2019 07:43 AM

Hi Shabeeb,

 

I face similar issue in my client. Any workaround or solution TAC suggested to the client ?  

 

Thanks,

 

Wiyandi

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to sr2290723

‎09-11-2019 08:41 AM

Please get a tac case open and attach to it for tracking, I see you already brought this up to our product managers internally as well. We can’t help here.
0 Helpful
Customers Also Viewed These Support Documents