ISE 2.3 - Posture - Endpoint compliance with temporal agent issue

Hi,

We are working with ISE 2.3 and the Posture assessment feature.

To allow network access to a specific client we need to verify the following statement:

- Specific applications are NOT present on the system (i.e. nmap.exe)

In this environment we can't use AnyConnect; the use of the Temporal Agent is mandatory.

From my point of view, the only way to verify the absence of a specific application is to create a posture remediation action with the manual uninstall option configured, but this requires the use of AnyConnect.

Does anybody know how to achieve this goal?

Thanks

Best regards

Gabriele

Highlighted
Cisco Employee

Although Temporal agents do not support remediations triggered by a button in the agent UI, we may show a message text and ask the users to manually perform the actions. The attachment shows an example of failing the Windows firewall condition.

Video Link : 16637

Highlighted

Thanks for your reply.

Unfortunately, I need to verify the presence of a piece of software and, if present, deny access to the user.

The condition that I need to verify is similar to this:

if (7zip is [installed | running])

then non-compliant

else compliant

Consider 7zip a generic example of a specific application.

Thanks

Highlighted

Hi,

maybe I found the solution to my question.

In ISE, a defined application condition always checks for "malicious" software on the endpoint, so the behaviour described is always true.

Is it correct?

Highlighted

Yes, that is correct.