I have done some googling and searching of the forums, and the only thing I have found that is similar is this community post from 2017.
We are attempting to implement posturing for end users' personal devices so they can access the AnyConnect VPN. One of the requirements we have is to check for up-to-date anti-malware definitions on the end user's device.
However, in our testing, we have found that some devices have their own anti-malware, such as Avast, installed. This stops the Windows Defender definitions from being updated and causes the problem that the posture module reports it as being out of date.
Has anyone else had to deal with this or work around it anyway? Would automatic remediation force the update of the signatures for Windows Defender?
For info, we are using ISE version 2.4 patch 5,11.
Thanks for any assistance you can provide.
You could choose to kill the Windows process or to uninstall the software completely, in which case Windows Defender should be able to get updated. Check this guide for more information.
Thanks for the responses.
@Cristian Matei, I cannot kill the Windows Defender processes as it is not running on my machine, but it is installed and, as far as I am aware, there is no way to remove it without a lot of effort. The whole idea of the solution as we envisaged it would be to make sure there is an anti-malware product installed and up to date, with no care for the vendor that is being used.
@hslai, we are using these pre-built conditions. The problem is that the posture assessment detects both Windows Defender and the user's own installed anti-malware software, such as Avast, Symantec etc. However, when these are installed, they disable updates for Windows Defender somehow, and this stops the updates being applied and leaves the definitions out of date.
Because of this, ISE receives the posture report from the client to say it has 2 anti-malware products installed: one is installed, enabled and up to date, and the other is installed and not up to date.
I guess I need a way to be able to tell ISE to be happy that there is at least one anti-malware product that is up to date, rather than failing when 1 of the products it has found is not up to date.