Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2120
Views
0
Helpful
4
Replies

Installing AV on the ISE appliance/VM itself.

Go to solution
wenoonan
Cisco Employee
Cisco Employee

‎11-19-2019 08:35 AM

I have a customer that needs to document for compliance, any systems which cannot have AV installed. I'm 99% sure that it is not possible to install 3rd party AV software on an ISE VM or appliance. Does anyone know of any documentation, etc. that affirms this one way or the other? Thanks!

2 people had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jj27
Spotlight
Spotlight

‎11-19-2019 01:18 PM

This document is a little dated, but it states "Customers do not have direct access to the OS" which would include the ability to install any 3rd party software such as AV.

 

https://community.cisco.com/t5/security-documents/ise-security-best-practices-hardening/ta-p/3640651#toc-hId-1865503479

View solution in original post

0 Helpful
4 Replies 4

Go to solution
jj27
Spotlight
Spotlight

‎11-19-2019 01:18 PM

This document is a little dated, but it states "Customers do not have direct access to the OS" which would include the ability to install any 3rd party software such as AV.

 

https://community.cisco.com/t5/security-documents/ise-security-best-practices-hardening/ta-p/3640651#toc-hId-1865503479

0 Helpful

Go to solution
wenoonan
Cisco Employee
Cisco Employee
In response to jj27

‎11-20-2019 06:51 AM

Thanks. I think that will do it. Passed it along to my customer, thanks again!

0 Helpful

Go to solution
Anurag Sharma
Cisco Employee
Cisco Employee

‎11-20-2019 02:19 AM

Hi @wenoonan ,

 

Why do you want to install AV on ISE anyway? 

ISE cannot act as a 'remediation' server.

If you are thinking of making ISE check whether AV is installed or not, please use Posture condition for AV. Work Centers -> Posture -> Policy Elements -> Conditions -> Anti-virus

FYI, Posture requires Apex license and a whole lot of configuration to get it working properly :)

 

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.
0 Helpful

Go to solution
wenoonan
Cisco Employee
Cisco Employee
In response to Anurag Sharma

‎11-20-2019 06:53 AM

Installing AV on the ISE appliance as an AV client, not a server. Same reason you install AMP on your endpoints. To protect the endpoint. In this case the customer has a [antiquated] requirement to run AV software on all operating systems. The sole exception requires a document from the vendor stating to the effect of "you can't install 3rd party software, including AV software, on the appliance". Hopefully that clarifies the request. Thanks!

0 Helpful
Customers Also Viewed These Support Documents