Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1457
Views
0
Helpful
2
Replies

ISE Posture checking Mcafee definition up-to-date.

Go to solution
Nate Zhang
Cisco Employee
Cisco Employee

‎08-26-2019 03:11 AM

When testing, we found there would be one situation as following. Our Setup;

 

  • Posture Policy is configured 'Check against latest AV definition file version if available.'
  • ISE is updating Posture database every 2hrs.
  • EPO server (On Premises) is updating the database once a day.

Testing steps:

  1. ISE is updated to version X while EPO server is X-1 yet.
  2. When booting up the endpoint whose definition version is much older like X-5, ISE indicates it is non compliant and initiates remediation.
  3. The endpoint will sync up with EPO server and updates to X-1.
  4. ISE still takes endpoint as non compliant since its own version is X and expect the endpoint upgrades to X.

 

It should be a corner case and we can avoid this case by using posture policy 'Allow virus definition file to be  X

I was just curious if there is any feature to make ISE and EPO server have the same version anytime in case endpoint is blocked due to ISE or EPO server failed to update their database and mess up the production.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎08-27-2019 01:55 AM

Other than using the option of 'X days older than last file date'., you can also make use of grace period in your posture policy so that access is not completely blocked. 

More information here

 

Thanks,

Nidhi 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎08-26-2019 09:22 PM

Hi
On ISE, except configuring to accept x-1 signature, there's nothing more you can do.
I'm not a McAfee expert, but is there any config you can do to check more often as 1 per day?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎08-27-2019 01:55 AM

Other than using the option of 'X days older than last file date'., you can also make use of grace period in your posture policy so that access is not completely blocked. 

More information here

 

Thanks,

Nidhi 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents