So I have ISE ready to go for our VPN users. Testing has been great and it looks like we are ready to roll out.
Then comes along a new version of our corporate AntiVirus software. We have had Kaspersky EndPoint Security v8 since last August. Now Kaspersky has released Endpoint Security v10. It took about 3 months for the Compliance Module in ISE to allow NAC Agent to recognise KESv10. But now when we connect I get an error from NAC stating bascially that the version of KES installed doesn't have any posture/rules setup and it can't do anything. (see attached for exact wording)
I remember when we first set the ISE up there was a screen that broke down the different AV makers, and the various versions that ISE/NAC would support. I have no idea where that is now.
How to I update my policies/remediation/rules to reflect either including KES10, or just change them to allow version 8+, or even ANY version?
I am sure this is a simple fix, but I just can't find it. I have looked through a lot of documentation, and I even looked through a Global Lab PDF on setting up ISE posturing and can't find it there.
Solved! Go to Solution.
The issue has been corrected.
EVERYONE please make note....I had heard about issues when using CHROME with the ISE Admin console....well there definitely are issues with CHROME and IE10 when it comes to ISE admin. I finally installed FIREFOXv20 and was able to see everything I was missing in CHROME and IE10.
So lesson learned....keep a copy of the major web browsers around just to make sure incompatibilities don't bite you in the hind quarters!!!
Well I am now seeing that, yes the NAC agent recognizes Kaspersky Endpoint Security v10, but I was able to see in the ISE settings that REMEDIATION ACTION is NOT supported. WHY would this be? And how/when will this be fixed....this completely invalidiate a MAIN puprose for implementing ISE to keep our A/V definitiions updated.
Why would you implement support for antivirus if you don't support the remediation of it?!?!?!??
VERY aggrivating Cisco....VERY!!!
Some AV vendors don't allow third parties to interact with their products. If you are able to identify what executables (etc) need to be fired trigger an update you can usually create your own Remediation Action though, which would fix your problem. Alternatively, call TAC, hopefully they can fix the problem for you, but even if they can't you can bet it will get added to their list of things to fix in the future.