cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1134
Views
0
Helpful
4
Replies
asd30110329
Beginner

Do ISE maintain Windows Updates or WSUS updates?

Do ISE maintain the updates for the WSUS or windows OS, patches? how? any documentation?

1 ACCEPTED SOLUTION

Accepted Solutions
thomas
Cisco Employee

Please see Compliance Module in the ISE Administrators Guide.

 

ISE - along with the posture module in AnyConnect - can determine the compliance of an endpoint based on the latest application version & patch updates from the OPSWAT OESIS API . Neither ISE nor AnyConnect will update or patch an endpoint for you. This is the job of WSUS.

 

ISE simply helps to limit a non-compliant - and potentially vulnerable - endpoint's access to the network until properly patched by WSUS so they can't be infected or - if already compromised - infect others.

View solution in original post

4 REPLIES 4
jan.nielsen
Rising star

No, ISE does not have windows updates nor does it deploy updates to your clients. What it does do is if you are using posture, you can have ise/anyconnect start the windows update process on the pc's if they haven't been updated.

ise/anyconnect means ISE agent?

thomas
Cisco Employee

Please see Compliance Module in the ISE Administrators Guide.

 

ISE - along with the posture module in AnyConnect - can determine the compliance of an endpoint based on the latest application version & patch updates from the OPSWAT OESIS API . Neither ISE nor AnyConnect will update or patch an endpoint for you. This is the job of WSUS.

 

ISE simply helps to limit a non-compliant - and potentially vulnerable - endpoint's access to the network until properly patched by WSUS so they can't be infected or - if already compromised - infect others.

View solution in original post

valokoparo4545
Beginner

keep in mind that WSUS Offline Update is an unsupported third-party utility, so if supportability is important for the systems you’re updating then you might want to find a way to patch them using WSUS or Windows Update. Discord On the other hand, however, the community of users who informally support WSUS Offline Update in the forums for this tool is still very strong and full of helpful individuals, Adobe Reader so if you do plan on using the tool for patching Windows you can at least count on some level of help being available for you when you find yourself puzzling over some issue. Just be aware: iTunes Many of the users who post to these forums do so in German, not English!

Content for Community-Ad