05-23-2017 06:11 AM
hi,
Our customer wants to protect against WannaCry using posture.
Win 10 initial version July 2015
May 9, 2017 KB4019474
April 11, 2017 KB4015221
March 22, 2017 KB4016637
March 14, 2017 KB4012606
Win 10 v1511
May 9, 2017 KB4019473
April 11, 2017 KB4015219
March 22, 2017 KB4016636
March 14, 2017 KB4013198
Win 10 v1607
May 9, 2017 KB4019472
April 11, 2017 KB4015217
March 22, 2017 KB4016635
March 22, 2017 KB4015438
March 14, 2017 KB4013429
Many thanks
Gert
05-23-2017 06:23 PM
Hi Gert,
Please create custom compound conditions for the KB and add them to the requirements. Add requirements to posture policy. Create different requirements for different operating systems in your case.
Here is documentation that describes that:
Posture Services on the Cisco ISE Configuration Guide - Cisco
Thanks
Krishnan
05-24-2017 01:24 AM
Thanks for the reply Krishnan.
It is not completely answering my question:
Thanks
Gert
05-28-2017 10:53 AM
05-29-2017 12:51 AM
Hi Hsing-Tsu,
Thanks for the reply.
Not all the individual KBs exist on the ISE predefined conditions. i.e. we would need to check KB4015221, KB4016637, KB4012606,… which are not predefined.
Is there a way to create these individual KB conditions manually?
If not, any other recommendation to only allow WannaCry-protected hosts on the network?
Regards
Gert
05-29-2017 02:19 PM
The three KB articles correspond to OS Build numbers for Windows 10, which was initially released in July 2015:
KB4015221 = OS Build 10240.17354
KB4016637 = OS Build 10240.17320
KB4012606 = OS Build 10240.17319
Thus, you may create them as registry checks on
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Updating to a later OS build possibly also addresses the SMB vulnerabilities, but they are not specific to that issue. The KBs added for CSCve42752 are specific to SMB and our engineering team updated it mid last week. That should cover it for all Windows client versions supported by ISE.
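The build comparison behind the registry check suggested above, as an added PowerShell example that is not part of the original thread and not Cisco's or Microsoft's code. It assumes the `CurrentBuild` and `UBR` values under that registry key and treats KB4012606 (OS Build 10240.17319, the earliest KB in the question's list) as the minimum level; `Test-Win10BuildPosture` is a hypothetical function name.

```powershell
# Added example (not Cisco's or Microsoft's code).
# Minimum UBR (update build revision) per Windows 10 build number.
# Only the 10240 entry comes from the thread (KB4012606 = OS Build 10240.17319);
# entries for other builds are not given there and must be added by the reader.
$MinimumUbr = @{
    '10240' = 17319   # Win 10 initial version, KB4012606 (March 14, 2017)
}

function Test-Win10BuildPosture {   # hypothetical function name
    param(
        [string]$CurrentBuild,      # e.g. '10240'; read from the registry when omitted
        [int]$Ubr = 0,
        [hashtable]$Minimum = $MinimumUbr
    )
    if (-not $CurrentBuild) {
        $key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        $props = Get-ItemProperty -Path $key
        $CurrentBuild = [string]$props.CurrentBuild
        # UBR is a REG_DWORD; treat a missing value as revision 0
        $Ubr = if ($null -ne $props.UBR) { [int]$props.UBR } else { 0 }
    }
    if (-not $Minimum.ContainsKey($CurrentBuild)) {
        $status = 'Unknown'         # no baseline for this build: let policy decide
        $detail = "no minimum revision defined for build $CurrentBuild"
    } elseif ($Ubr -ge $Minimum[$CurrentBuild]) {
        $status = 'Compliant'
        $detail = "revision $Ubr >= $($Minimum[$CurrentBuild])"
    } else {
        $status = 'NonCompliant'
        $detail = "revision $Ubr < $($Minimum[$CurrentBuild])"
    }
    [pscustomobject]@{
        OSBuild = '{0}.{1}' -f $CurrentBuild, $Ubr
        Status  = $status
        Detail  = $detail
    }
}

# Constructed sample inputs (not taken from real hosts)
Test-Win10BuildPosture -CurrentBuild '10240' -Ubr 17354   # KB4015221 level
Test-Win10BuildPosture -CurrentBuild '10240' -Ubr 17000   # constructed older revision
Test-Win10BuildPosture -CurrentBuild '14393' -Ubr 0       # build with no table entry

# On an endpoint, read the live values from the registry:
# Test-Win10BuildPosture
```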