Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1765
Views
1
Helpful
4
Replies

ISE 2.3 - Posture - Endpoint compliance with temporal agent issue

Go to solution
gabrieleferrari
Beginner
Beginner

‎10-04-2017 04:44 AM

Hi,

We are working with ISE 2.3 and Posture assesment feature.

To allow network access to a specific client we need to verify the following statement:

-Specific application are NOT  present on the system (i.e. nmap.exe)

In this environment we can't use Anyconnect, is mandatory the use of Temporal Agent

From my point of view the only way to verify the absence of a specific application to create a posture remediation action with the manual uninstall option configured, but this requires the use of Anyconnect.

Does anybody knows how to archive this goal?

Thanks

Best regards

Gabriele

1 Accepted Solution

Accepted Solutions

Go to solution
gabrieleferrari
Beginner
Beginner
In response to gabrieleferrari

‎10-05-2017 02:08 AM

Hi,

maybe I found the solution to my question.

In ISE an application condition defined always check for "malicious" software on the endpoint, so the behaviour described is always true.

Is it correct?

View solution in original post

0 Helpful
4 Replies 4

Go to solution
hslai
Cisco Employee
Cisco Employee

‎10-04-2017 07:51 AM

Although Temporal agents do not support remediations triggered by a button in the agent UI, we may show a message text and ask the users to manual perform the actions. Attached shows an example of failing the windows firewall condition.

Video Link : 16637

0 Helpful

Go to solution
gabrieleferrari
Beginner
Beginner
In response to hslai

‎10-05-2017 01:41 AM

Thanks for your reply.

Unfortunately I need to verify the presence of a software and, if present, deny the access to the user.

The condition that I need to verify is similar to this:

if (7zip is [installed | running])

than non compiant

else compliant

Consider 7zip a generic example of a specific application

Thanks

0 Helpful

Go to solution
gabrieleferrari
Beginner
Beginner
In response to gabrieleferrari

‎10-05-2017 02:08 AM

Hi,

maybe I found the solution to my question.

In ISE an application condition defined always check for "malicious" software on the endpoint, so the behaviour described is always true.

Is it correct?

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to gabrieleferrari

‎10-05-2017 07:35 AM

Yes, that is correct.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents