Beginner

ISE posture - Anti Malware definitions and windows defender

Hi all,

I have done some googling and searching of the forums, and the only thing I have found that is similar is this community post from 2017.

We are attempting to implement posturing for end users' personal devices so they can access the AnyConnect VPN. One of the requirements we have is to check for up-to-date anti-malware definitions on the end user's device.

However, in our testing we have found that some devices have their own anti-malware, such as Avast, installed. This stops the Windows Defender definitions from being updated and causes the posture module to report it as being out of date.

Has anyone else had to deal with this or work around it in any way? Would automatic remediation force the update of the signatures for Windows Defender?

For info, we are using ISE version 2.4 patch 5,11

Thanks for any assistance you can provide.

4 REPLIES 4
Collaborator

Re: ISE posture - Anti Malware definitions and windows defender

Hi,

You could choose to kill the Windows process or to uninstall the software completely, in which case Windows Defender should be able to get updated. Check this guide for more information.

Regards,

Cristian Matei.

Cisco Employee

Re: ISE posture - Anti Malware definitions and windows defender

Why not use the pre-built conditions?

ANY_am_mac_def Any AM definition check on Mac
ANY_am_mac_inst Any AM installation check on Mac
Any AM definition check on Windows
ANY_am_win_inst Any AM installation check on Windows
 
Beginner

Re: ISE posture - Anti Malware definitions and windows defender

Thanks for the responses.

@Cristian Matei, I cannot kill the Windows Defender processes as it is not running on my machine, but it is installed and, as far as I am aware, there is no way to remove it without a lot of effort. The whole idea of the solution as we envisaged it would be to make sure there is an anti-malware product installed and up to date, with no care for the vendor that is being used.

@hslai, we are using these pre-built conditions. The problem is that the posture assessment detects both Windows Defender and the user's own installed anti-malware software, such as Avast, Symantec etc. However, when these are installed they disable updates for Windows Defender somehow, and this stops the updates being applied and leaves the definitions out of date.

Because of this, ISE receives the posture report from the client to say it has 2 anti-malware products installed: one is installed, enabled and up to date, and the other is installed and not up to date.

I guess I need a way to be able to tell ISE to be happy that there is at least one anti-malware product that is up to date, rather than failing when 1 of the products it has found is not up to date.
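
The situation described in the reply above, as an added example that is not part of the thread and is not ISE or AnyConnect code: it evaluates a constructed posture report under two hypothetical rules, one requiring every detected product to be current and one requiring at least one enabled product to be current. The names `AmProduct` and `evaluate`, the mode strings and the 7-day threshold are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class AmProduct:
    name: str
    enabled: bool
    definition_date: date  # date of the installed definition set

def is_current(p, today, max_age_days):
    return (today - p.definition_date).days <= max_age_days

def evaluate(products, today, max_age_days=7, mode="any_active"):
    """Return (compliant, reasons).

    mode="all_detected": every detected product must have current definitions
                         (the failing behaviour described in the thread).
    mode="any_active":   at least one product must be enabled AND current.
    """
    if not products:
        return False, ["no anti-malware product detected"]
    if mode == "all_detected":
        stale = [p.name for p in products
                 if not is_current(p, today, max_age_days)]
        return (not stale, [f"{n}: definitions out of date" for n in stale])
    if mode == "any_active":
        # A current but disabled product must not satisfy the rule.
        good = [p.name for p in products
                if p.enabled and is_current(p, today, max_age_days)]
        if good:
            return True, [f"{n}: enabled and up to date" for n in good]
        return False, ["no enabled product with current definitions"]
    raise ValueError(f"unknown mode: {mode}")

# Constructed sample reports (not real ISE or AnyConnect output).
TODAY = date(2020, 1, 15)
REPORT = [
    AmProduct("Avast", enabled=True, definition_date=date(2020, 1, 14)),
    AmProduct("Windows Defender", enabled=False, definition_date=date(2019, 11, 2)),
]
# Edge case: the only product with current definitions is switched off.
DISABLED_ONLY = [
    AmProduct("Avast", enabled=False, definition_date=date(2020, 1, 14)),
    AmProduct("Windows Defender", enabled=False, definition_date=date(2019, 11, 2)),
]

if __name__ == "__main__":
    for mode in ("all_detected", "any_active"):
        print(mode, evaluate(REPORT, TODAY, mode=mode))
    print("disabled only", evaluate(DISABLED_ONLY, TODAY))
```

The second sample shows why an "at least one" rule should also require the product to be enabled: otherwise a switched-off scanner with fresh definitions would pass.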

 

 

Cisco Employee

Re: ISE posture - Anti Malware definitions and windows defender