
ISE 2.3 - Posture - Endpoint compliance with temporal agent issue

gabrieleferrari
Level 1

Hi,

We are working with ISE 2.3 and the Posture assessment feature.

To allow network access to a specific client we need to verify the following statement:

- Specific applications are NOT present on the system (i.e. nmap.exe)

In this environment we can't use AnyConnect; the use of the Temporal Agent is mandatory.

From my point of view, the only way to verify the absence of a specific application is to create a posture remediation action with the manual uninstall option configured, but this requires the use of AnyConnect.

Does anybody know how to achieve this goal?

Thanks

Best regards

Gabriele


4 Replies

hslai
Cisco Employee

Although Temporal agents do not support remediations triggered by a button in the agent UI, we may show a message text and ask the users to manually perform the actions. Attached shows an example of failing the Windows firewall condition.

Video Link : 16637

Thanks for your reply.

Unfortunately I need to verify the presence of a software and, if present, deny the access to the user.

The condition that I need to verify is similar to this:

if (7zip is [installed | running])

then non-compliant

else compliant

Consider 7zip a generic example of a specific application.

Thanks

Hi,

maybe I found the solution to my question.

In ISE, a defined application condition always checks for "malicious" software on the endpoint, so the behaviour described is always true.

Is it correct?

Yes, that is correct.