05-08-2013 02:49 PM - edited 03-10-2019 08:24 PM
So I have ISE ready to go for our VPN users. Testing has been great and it looks like we are ready to roll out.
Then comes along a new version of our corporate AntiVirus software. We have had Kaspersky EndPoint Security v8 since last August. Now Kaspersky has released Endpoint Security v10. It took about 3 months for the Compliance Module in ISE to allow NAC Agent to recognise KESv10. But now when we connect I get an error from NAC stating bascially that the version of KES installed doesn't have any posture/rules setup and it can't do anything. (see attached for exact wording)
I remember when we first set the ISE up there was a screen that broke down the different AV makers, and the various versions that ISE/NAC would support. I have no idea where that is now.
How to I update my policies/remediation/rules to reflect either including KES10, or just change them to allow version 8+, or even ANY version?
I am sure this is a simple fix, but I just can't find it. I have looked through a lot of documentation, and I even looked through a Global Lab PDF on setting up ISE posturing and can't find it there.
Thanks,
Dirk
Solved! Go to Solution.
05-29-2013 07:42 AM
Sadly, there are various known bugs relating to using the 'wrong' browser that have been around for some time
05-28-2013 10:32 PM
Have you looked in your Posture Requirements configuration in ISE?
05-29-2013 07:25 AM
The issue has been corrected.
EVERYONE please make note....I had heard about issues when using CHROME with the ISE Admin console....well there definitely are issues with CHROME and IE10 when it comes to ISE admin. I finally installed FIREFOXv20 and was able to see everything I was missing in CHROME and IE10.
So lesson learned....keep a copy of the major web browsers around just to make sure incompatibilities don't bite you in the hind quarters!!!
05-29-2013 07:42 AM
Sadly, there are various known bugs relating to using the 'wrong' browser that have been around for some time
06-01-2013 09:02 PM
Well I am now seeing that, yes the NAC agent recognizes Kaspersky Endpoint Security v10, but I was able to see in the ISE settings that REMEDIATION ACTION is NOT supported. WHY would this be? And how/when will this be fixed....this completely invalidiate a MAIN puprose for implementing ISE to keep our A/V definitiions updated.
Why would you implement support for antivirus if you don't support the remediation of it?!?!?!??
VERY aggrivating Cisco....VERY!!!
06-01-2013 11:43 PM
Some AV vendors don't allow third parties to interact with their products. If you are able to identify what executables (etc) need to be fired trigger an update you can usually create your own Remediation Action though, which would fix your problem. Alternatively, call TAC, hopefully they can fix the problem for you, but even if they can't you can bet it will get added to their list of things to fix in the future.
06-14-2013 11:58 AM
Have called TAC and they have opened a Bug.
Hopefully we can see some traction soon.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide