Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
814
Views
0
Helpful
3
Replies

How I should setup Launch Program Remediation in ISE 1.4?

descalante2007
Level 1
Level 1

‎08-27-2015 01:25 PM - edited ‎03-10-2019 11:00 PM

I am testing the Launch Program Remediation feature without success.

 

Sometimes Anyconnect (4.1.04011) shows a message indicating the file that has been requested could not be launched either because it could not be found or there is a problem launching it.

I had tried launching easy things like calc.exe or cmd.exe ... My final goal is to launch the AV signatureupdate but anything appears to work.

Thanks in advance.

Labels:
0 Helpful
3 Replies 3

jan.nielsen
Level 7
Level 7

‎08-27-2015 02:09 PM

What AV are you suing, is your AV not supported by the built in AV policies, since you are using launch program remediation?

0 Helpful

descalante2007
Level 1
Level 1
In response to jan.nielsen

‎08-27-2015 04:43 PM

I'm using System Center Endpoint Protection (Microsoft). The idea is remediate a computer that has been off the network by several days. As the posture rule requires the definition file to not be more tan 1 day older that the latest file date, the computer would be no compliant.

I like to launch the signature update as soon the anyconnect identifies the no compliant condition and not wait until the System Center Server updates by itself which can be after several minutes.

The only way I had seen this feature working is when the computer user has administrative privileges which is not true for most of the users. 

0 Helpful

jan.nielsen
Level 7
Level 7
In response to descalante2007

‎08-27-2015 05:44 PM

I don't know anything about system center endpoint protection...is it what was called forefront before or ?

My experience is that when you try to launch something it will either launch as the SYSTEM user, if you are not administrator, and as the logged-in use if you are administrator. This has caused me some issues when testing posture. I would advise using the sysinternals process monitor and watch what acposture.exe/iseposture.exe is doing to find out what is going wrong.

0 Helpful
Customers Also Viewed These Support Documents