ISE Posture check

babalao · ‎07-15-2024

Hello,

We are implementing ISE posture check.

I did not find how to check the following, please if it possible with ISE let me know:

1- Check if the antimalware software ran a succsesful scan it the past x days.

2- check if the PC is not conected to an OPEN WIFI network.

thank you

ahollifield · ‎07-15-2024

Depends on the antimalware software. https://community.cisco.com/t5/security-knowledge-base/ise-posture-prescriptive-deployment-guide/ta-p/3680273
https://www.cisco.com/c/en/us/td/docs/security/ise/ac_compliance_module/cisco-anyconnect-ise-posture-windows-support-charts-for-compliance-module-v4-3-4114-8192.html
This is handled via the endpoint itself, not ISE. Best to use GPO, MDM, or Cisco Secure Client NAM to control this.

babalao · ‎07-15-2024

Hello,

I do not see anything about a antimalware SCAN on this docs.

I mean if I can check based on a scan not malware definitions (date,latest).

Thank you.

ahollifield · ‎07-15-2024

I see what you are asking now. I'm not aware of a way to check for most recent scan.

babalao · ‎07-17-2024

Ok, I guess it is not possible with ISE.

Thanks.

Marcelo Morais · ‎07-19-2024

Hi @babalao ,

please check the Posture Condition Script Support (ISE 3.2+).

Administrator can run a script as a "Posture Condition" (at Policy > Policy Elements > Conditions > Posture > Script) to check against Windows, macOS and Linux OS (PowerShell, SHELL and SHELL respectively).

For Antimalware Scan ...

Check if you can "monitor" your Antimalware update via PowerShell/Shell script, checking the Antimalware log files, for ex: C:\ProgramData\<Antimalware>\Updatelog.txt.

Try to use a script like this (if possible):

Select-String -Path C:\ProgramData\<Antimalware>\Updatelog.txt -Pattern Updated

For "Open WiFi" ...

Check if you are able to use the following command in a PowerShell/Shell script:

PS> Get-NetIPConfiguration

Hope this helps !!!