Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
479
Views
2
Helpful
8
Replies

CSCwk64033 - Need support for windows update agent 1219.x in ISE

Fernando Segura
Level 1
Level 1

‎08-05-2024 11:17 PM - edited ‎08-07-2024 04:36 AM

Hi all, 

Same problem happened with 1218 version few months ago. I can not ask to my users to downgrade his windows 11 so i put this requirement as optional until Cisco upgraded the ISE and included v1218 support , but now it is happending again.

Is there any other way to check windows update compliance without wait until Cisco upgrade ISE to support Windows update agent 1219?

checking some regedit value reflecting windows security state, by example?

TIA

 

1 person had this problem
Labels:
0 Helpful
8 Replies 8

ahollifield
VIP
VIP

‎08-06-2024 08:21 AM

Do you have the latest Posture Feed update installed?  

Fernando Segura
Level 1
Level 1
In response to ahollifield

‎08-07-2024 02:12 AM - edited ‎08-07-2024 02:16 AM

Yes, the latest posture feed already include support for Windows update agent 1219.x , but it needs upgrade compliance module to 4.3.4164.6145.

Some of our users didn't have admin rights and couldn't upgrade the module and we have to upgrade manually, this is why i am looking for an anternative method to check windows update running.

0 Helpful

ahollifield
VIP
VIP
In response to Fernando Segura

‎08-07-2024 06:11 AM

Updating the compliance module via ISE doesn’t automatically download and update? In my experience this doesn’t need admin rights.
0 Helpful

Fernando Segura
Level 1
Level 1
In response to ahollifield

‎08-08-2024 12:00 AM - edited ‎08-08-2024 01:49 AM

@ahollifield , updating via ISE works fine in almost all computers, with admin users and with no admin users,  but  some computers fails, and in those cases, only if a admin user log in the computer the compliance module update fine.

0 Helpful

Fernando Segura
Level 1
Level 1
In response to Fernando Segura

‎08-12-2024 01:40 AM

This weekend Microsoft upgraded again Windows 11 and now use Windows Update agent 1220.x, but cisco ISE is not supporting yet.

0 Helpful

Fernando Segura
Level 1
Level 1

‎08-07-2024 02:15 AM

The predefined Cisco Conditions -> Service -> pc_AutoUpdateCheck working fine to check windows update running without check a specific version; but i a still need check if the windows has updated his critical patches

0 Helpful

luwhelan
Cisco Employee
Cisco Employee

‎08-20-2024 07:56 PM

@Fernando Segura  support for Windows update agent is now available: Support Charts for Cisco Secure Client Windows Compliance Module v4.3.4214.8192

Please note you will need to install the latest compliance module version 4.3.4214.8192: Secure Client 5 Release ISEComplianceModule. As well as update the posture feed in ISE.

Fernando Segura
Level 1
Level 1
In response to luwhelan

‎08-20-2024 11:34 PM - edited ‎08-20-2024 11:50 PM

Thanks you.  I've updated and check and works fine. I've configured different rules for Win10 and Win11. Now Win11 devices will upgrade inmediately from ISE when new module is available, and Win10 devices will be upgraded by SCCM ( to aovid the need of users with admin privileges to install the compliance module updated).

0 Helpful
Customers Also Viewed These Support Documents