Cisco ISE posturing for critical patches

dijeshkeloth
Level 1

We have ISE 2.6, AnyConnect 4.8 and compliance module 4.3.1182.6145. In the patch management condition, we have set the condition to check for critical patches for Windows 10. The Windows PCs are not part of a domain and do not have the SCCM client; however, the Windows Update Agent is present. Although Windows is up to date, the compliance check is failing. Any suggestions?

2 Replies

Greg Gibbs
Cisco Employee

See a similar post here

ISE does not have built-in capability to determine Posture based on Windows patch management conditions. It requires information gathered from the SCCM client, so having SCCM (or WSUS) is required.

sureshot
Cisco Employee

In case there is no SCCM and you still want to check posture based on critical patches of Windows 10 endpoints, use a File Condition.
Please refer to the guide below, which explains and shows how to posture based on a critical patch using its file version.
If you want to check for multiple critical patches, use a Compound posture condition to bind them together as a single condition for the posture requirement.
https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273#toc-hId-2133519567
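
The file-version approach described in the reply above can be checked locally on an endpoint before building the File Conditions in ISE. The script below is an added example, not part of the original posts and not Cisco code: the function name, file paths and minimum versions are constructed placeholders, and it assumes every check must pass (AND), as one way of combining several conditions.

```powershell
# Added example: local pre-check that mirrors a file-version posture condition.
# Paths and minimum versions are constructed placeholders; take the real file and
# version from the vendor bulletin for the patch you want to enforce.
$checks = @(
    @{ Name = 'Patch-A (placeholder)'; Path = "$env:SystemRoot\System32\ntoskrnl.exe"; MinVersion = '10.0.0.0' },
    @{ Name = 'Patch-B (placeholder)'; Path = "$env:SystemRoot\System32\win32k.sys";   MinVersion = '10.0.0.0' }
)

function Test-FileVersionCondition {
    param(
        [Parameter(Mandatory)] [string]  $Path,
        [Parameter(Mandatory)] [version] $MinVersion
    )
    # A missing file counts as a failed condition rather than an error.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Found = $false; Actual = $null; Pass = $false }
    }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from the numeric parts: the FileVersion string can carry
    # trailing text that does not parse as a version.
    $actual = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                             $vi.FileBuildPart, $vi.FilePrivatePart)
    [pscustomobject]@{ Path = $Path; Found = $true; Actual = $actual; Pass = ($actual -ge $MinVersion) }
}

$results = foreach ($c in $checks) {
    Test-FileVersionCondition -Path $c.Path -MinVersion $c.MinVersion |
        Add-Member -NotePropertyName Name -NotePropertyValue $c.Name -PassThru
}
$results | Format-Table Name, Found, Actual, Pass, Path -AutoSize

# Compound behaviour (assumed AND): compliant only if no individual check failed.
$compliant = -not ($results | Where-Object { -not $_.Pass })
"Compliant: $compliant"
```

Running it on a patched and an unpatched machine shows the exact four-part version each file reports, which is the value to compare against when defining the File Condition.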