cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

820
Views
0
Helpful
4
Replies
Highlighted
Beginner

Do ISE maintain Windows Updates or WSUS updates?

Do ISE maintain the updates for the WSUS or windows OS, patches? how? any documentation?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Do ISE maintain Windows Updates or WSUS updates?

Please see Compliance Module in the ISE Administrators Guide.

 

ISE - along with the posture module in AnyConnect - can determine the compliance of an endpoint based on the latest application version & patch updates from the OPSWAT OESIS API . Neither ISE nor AnyConnect will update or patch an endpoint for you. This is the job of WSUS.

 

ISE simply helps to limit a non-compliant - and potentially vulnerable - endpoint's access to the network until properly patched by WSUS so they can't be infected or - if already compromised - infect others.

View solution in original post

4 REPLIES 4
Highlighted
Rising star

Re: Do ISE maintain Windows Updates or WSUS updates?

No, ISE does not have windows updates nor does it deploy updates to your clients. What it does do is if you are using posture, you can have ise/anyconnect start the windows update process on the pc's if they haven't been updated.

Highlighted
Beginner

Re: Do ISE maintain Windows Updates or WSUS updates?

ise/anyconnect means ISE agent?

Highlighted
Cisco Employee

Re: Do ISE maintain Windows Updates or WSUS updates?

Please see Compliance Module in the ISE Administrators Guide.

 

ISE - along with the posture module in AnyConnect - can determine the compliance of an endpoint based on the latest application version & patch updates from the OPSWAT OESIS API . Neither ISE nor AnyConnect will update or patch an endpoint for you. This is the job of WSUS.

 

ISE simply helps to limit a non-compliant - and potentially vulnerable - endpoint's access to the network until properly patched by WSUS so they can't be infected or - if already compromised - infect others.

View solution in original post

Highlighted
Beginner

Re: Do ISE maintain Windows Updates or WSUS updates?

keep in mind that WSUS Offline Update is an unsupported third-party utility, so if supportability is important for the systems you’re updating then you might want to find a way to patch them using WSUS or Windows Update. Discord On the other hand, however, the community of users who informally support WSUS Offline Update in the forums for this tool is still very strong and full of helpful individuals, Adobe Reader so if you do plan on using the tool for patching Windows you can at least count on some level of help being available for you when you find yourself puzzling over some issue. Just be aware: iTunes Many of the users who post to these forums do so in German, not English!