
ISE 2.3 Temporal Agent - BYOD - check for Encryption

ggriesse@cisco.com
Cisco Employee

Hi all

I have a customer trying to meet a BYOD requirement by means of the new Temporal Agent

Minimal acceptable posture requirement is (Windows):

1) *Any* AV installed and up to date

2) Disk encryption enabled ... again *Any* as long as it's encrypted ..

3) Various Microsoft patch levels..

We have successfully tested and confirmed 1 and 3 BUT cannot work out a way to do the disk encryption check.

Is this even possible? Checking on the posture rules I cannot find an "any" for disk encryption, only specifics and only on the full AnyConnect agent, not temporal ..

Ideas ?

Thx

Greg

1 Accepted Solution

Jason Kunst
Cisco Employee

From imbashir: Currently, ANY disk encryption is not supported. There are 2 use cases (both not supported in 2.3 and I don’t see them in 2.4):


1. Check if “ANY Disk Encryption” software is running, not supported today



2. Check if Any Disk is encrypted


Again, not supported, but we have a workaround: create a file condition + a disk encryption condition.

In the file condition, check if the file (E:\NIL) exists; if it exists, that means there is a disk E.

Then create a disk encryption condition to check if disk E is encrypted.



noel-armand
Level 1

Hi

I have a customer requirement to use the ISE 2.3 Temporal Agent and posture check wired guests to ensure they are running 'any' AV. Does anyone know if this is supported? I'm guessing not. From a configuration point of view, the Temporal Agent requires the compliance module as 4.x and above; however, the AV rules are constructed from compliance module 3.x.

Use Anti-Malware instead. Compliance module 4.x uses the term Anti-Malware which includes both Anti-Virus & Anti-Spyware.