AntiMalware - Definition checks - Posture

Hi Experts,

We're running ISE 2.6 with Patch 8 installed. AnyConnect is 4.8 and the Compliance Module is 4.3.X. I've been asked to configure a New AV Posture policy Definition check for Windows Defender. 

 

Name: AV_Def_5days

Compliance Module: 4.X or later

Operating System: Windows All

Vendor: Microsoft Corporation

Check Type: Definition

Allow Virus Definition to be 5 days older than the Current system date

 

1. With the above config, I assume users should have a definition file date which is no older than the current system date (running on the user's PC). Is that correct?

2. What if the vendor isn't updating their AV database once every 5 days? Will the ISE mark them as non-compliant?

 

Thanks in advance


Damien Miller
VIP Alumni

Yes, your assumptions are correct, but with Windows Defender the risk of the definitions being older than five days is very low since Microsoft updates on a 2-hour schedule. I still prefer to use 5 days from the last known definition date because of this though; not every AV/AM is as frequent as Microsoft.

Thanks Damien.

We're also looking at the other option, "Latest file date", which I guess implies that the virus definition files installed on the machine are no more than 5 days older than the versions that ISE knows about. Is that correct?

Cheers,
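
A local pre-check for the 5-day condition discussed in this thread, as an added example that is not part of any post and is not ISE or AnyConnect code: it reads the Windows Defender signature date with `Get-MpComputerStatus` and compares it against a reference date. `Test-DefinitionAge` and its parameters are hypothetical names, and the whole-day rounding and the use of `-ReferenceDate` to stand in for a "latest file date" are assumptions, not documented ISE behaviour.

```powershell
# Added example: compare a definition date against a reference date.
# Test-DefinitionAge is a hypothetical helper, not an ISE or AnyConnect function.
function Test-DefinitionAge {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [datetime] $DefinitionDate,
        # Defaults to the endpoint's system date; pass a known "latest" definition
        # date instead to model the other option (assumption about its meaning).
        [datetime] $ReferenceDate = (Get-Date),
        [ValidateRange(0, 365)] [int] $MaxAgeDays = 5
    )

    # A definition date later than the reference (clock skew) is treated as age 0.
    # Whole-day rounding is an assumption; ISE's own rounding is not stated in the thread.
    $ageDays = [math]::Max(0, [math]::Floor(($ReferenceDate - $DefinitionDate).TotalDays))

    [pscustomobject]@{
        DefinitionDate = $DefinitionDate
        ReferenceDate  = $ReferenceDate
        AgeDays        = [int]$ageDays
        MaxAgeDays     = $MaxAgeDays
        Compliant      = ($ageDays -le $MaxAgeDays)
    }
}

# Constructed sample dates: definitions 7 days behind the reference, so not compliant.
Test-DefinitionAge -DefinitionDate '2020-03-01' -ReferenceDate '2020-03-08'

# Constructed sample dates: definitions 2 days behind the reference, so compliant.
Test-DefinitionAge -DefinitionDate '2020-03-06' -ReferenceDate '2020-03-08'

# On an endpoint with Windows Defender: check the installed signatures
# against the current system date.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $status = Get-MpComputerStatus
    Test-DefinitionAge -DefinitionDate $status.AntivirusSignatureLastUpdated |
        Add-Member -NotePropertyName SignatureVersion `
                   -NotePropertyValue $status.AntivirusSignatureVersion -PassThru
}
```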