cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

600
Views
0
Helpful
8
Replies

Auto Remediation for Symantec Endpoint Protection 14.x giving error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator"

Hi,

 

We have a customer running ISE 2.4 with patch 5. They have Symantec endpoint protection 14.x. The customer has a local update server which is providing AV updates ( the clients are not directly getting the av updates from internet) . I have configured posture policy to check if any machine is running AV signature older than 14 days with auto-remediation ( Anti-Malware).  But the clients are always getting the error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator". 

 

How does Anyconnect agent trigger for an update if it finds that the signature is outdated?. Will it ask the Symantec client to communicate with the update server?.

 

Kindly help me to solve the issue.

 

 

Thanks

 

 

3 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: Auto Remediation for Symantec Endpoint Protection 14.x giving error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator"

Jason is right ! we do not have integration available with server for auto remediation. 

the symantec client has to be enabled in the endpoint so that posture module can trigger the autoremediation. 

Thanks,

Nidhi 

Re: Auto Remediation for Symantec Endpoint Protection 14.x giving error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator"

Hi Malik,

 

How are you updating the Symantec Client?. Using live update or using Group Update Provider?. If you are using live update, then the live update option should be enabled for all the clients so that anyconnect can trigger the update. If you are using Group update provider for pushing the updates to the clients, then it seems like the auto remediation is not possible at the moment. It is not an issue with anyconnect but it is due to the GUP architecture that the client cannot initiate an update as far as I understood. Anyway my ticket with TAC is still open, if any further updates on the case I will post here.

 

Good luck

 

Shabeeb

Highlighted
Cisco Employee

Re: Auto Remediation for Symantec Endpoint Protection 14.x giving error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator"

Please get a tac case open and attach to it for tracking, I see you already brought this up to our product managers internally as well. We can’t help here.
8 REPLIES 8
Cisco Employee

Re: Auto Remediation for Symantec Endpoint Protection 14.x giving error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator"

I believe the evaluation is done via the client so is the update. If manual update via the client is working, please open a Cisco TAC case and submit a copy of the AnyConnect DART bundle.

Re: Auto Remediation for Symantec Endpoint Protection 14.x giving error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator"

Hi,

 

I found that the customer has disabled liveupdate functionality on the symantec endpoints. Cisco TAC had confirmed that this feature should be enabled on the SEP so that anyconnect agent can auto-remediate if it finds old signatures on the user machine.  In our case the customer is using symantec group update server for updating their AV clients. Is there anyway that we can achieve auto-remediation when the customer is using group update server instead of live update?.

 

Regards

Shabeeb

Cisco Employee

Re: Auto Remediation for Symantec Endpoint Protection 14.x giving error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator"

I think this would be a question for Symantec, we have no control over that.
Cisco Employee

Re: Auto Remediation for Symantec Endpoint Protection 14.x giving error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator"

Jason is right ! we do not have integration available with server for auto remediation. 

the symantec client has to be enabled in the endpoint so that posture module can trigger the autoremediation. 

Thanks,

Nidhi 

Beginner

Re: Auto Remediation for Symantec Endpoint Protection 14.x giving error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator"

Hello Shabeeb,

 

Did you find any solution to this problem or just left the remediation for symantec Antivirus update ,, i am facing the same this issue even we both have same cisco ise and symantec endpoint protection version?

Re: Auto Remediation for Symantec Endpoint Protection 14.x giving error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator"

Hi Malik,

 

How are you updating the Symantec Client?. Using live update or using Group Update Provider?. If you are using live update, then the live update option should be enabled for all the clients so that anyconnect can trigger the update. If you are using Group update provider for pushing the updates to the clients, then it seems like the auto remediation is not possible at the moment. It is not an issue with anyconnect but it is due to the GUP architecture that the client cannot initiate an update as far as I understood. Anyway my ticket with TAC is still open, if any further updates on the case I will post here.

 

Good luck

 

Shabeeb

Beginner

Re: Auto Remediation for Symantec Endpoint Protection 14.x giving error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator"

Hi Shabeeb,

 

I face similar issue in my client. Any workaround or solution TAC suggested to the client ?  

 

Thanks,

 

Wiyandi

Highlighted
Cisco Employee

Re: Auto Remediation for Symantec Endpoint Protection 14.x giving error "The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator"

Please get a tac case open and attach to it for tracking, I see you already brought this up to our product managers internally as well. We can’t help here.