Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
371
Views
0
Helpful
2
Replies

Anomalous Behaviour and Dual Boot machines

Go to solution
Ricardo T Duarte
Level 1
Level 1

‎10-12-2018 12:37 PM

Hi there,

 

 

I would like to use the Anomalous Behaviour with automatic enforcement, but would like to allow changes from Windows to Linux and Linux to Windows. 

From the documentation it seems that this change will trigger "anomalous behaviour".

Is there a way to circumvent this issue (ex: only use main classes like Workstation to Printer, and allow changes inside the same class)?

 

Thanks

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee

‎10-15-2018 08:16 AM

It will depend on whether the Linux will send DHCP Vendor Class ID. AFAIK, most Linux doesn't send Vendor Class ID so the endpoint will be profiled as WIndows and not trigger the ABD.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
anthonylofreso
Level 4
Level 4

‎10-15-2018 05:03 AM

Hmm, I am also curious about this. I've seen very little documentation regarding Anomalous Behavior and the ability to write good policy.

0 Helpful

Go to solution
howon
Cisco Employee
Cisco Employee

‎10-15-2018 08:16 AM

It will depend on whether the Linux will send DHCP Vendor Class ID. AFAIK, most Linux doesn't send Vendor Class ID so the endpoint will be profiled as WIndows and not trigger the ABD.

0 Helpful
Customers Also Viewed These Support Documents