Re: ISE 2.1 Anyconnect Posture Assessment failure for AV

joagusti.v1 · ‎10-18-2017

Hi,

Posture assessment fails because Cisco Anyconnect is not recognizing the installed AV, but it only see the Windows Defender installed. The problem is, since the user has McAfee, it automatically disabled the Windows Defender and therefore no updates are being made (please see attached). What is the possible workaround for this?

Marvin Rhoads · ‎10-18-2017

There are several bugs associated with AnyConnect Posture module and McAfee. They are for the most part resolved with the current AC release.

What version of AC Posture module are you using?

joagusti.v1 · ‎10-18-2017

We're using Anyconnect 4.3 for both Windows and Mac. Please note that the same case happens to user with AVAST.

Another case was the user has Norton antivirus installed. The Posture assessment was able to detect the Norton antivirus and Defender. However, it still failed because the Defender is not updated.

Rahul Govindan · ‎10-19-2017

What does your posture requirements look like? If you have selected Norton AV alone to be updated within a certain number of days, Windows defender should not matter. But if you use the inbuilt Any AV policy, it will expect any AV detected to be updated.

joagusti.v1 · ‎10-19-2017

Hi Rahul,

Thanks for your response. I see your point here. So is there a way to make Anyconnect ignore Bit Defender (which is native in Windows 8/10) when there is another AV installed?

Regards,

Marvin Rhoads · ‎10-19-2017

Please share your ISE Posture Policy details.

If you are telling ISE to check for AV it will find Windows Defender and fail.

If you are telling it to check for McAfee it should find it and pass if the version and signatures meet the policy requirements.