05-11-2018 06:22 AM - edited 02-21-2020 10:55 AM
Dears,
I have created a posture for only to check the AV software is available on the machine ?? though the AV software is not available still the machine gets into compliant mode and get full access.
actually I want to troubleshoot deeply by investigating posture logs how I can collect and after collecting it is a bunch of logs what keyword I have to search in the logs to hit to the proper cause where it fails.
thanks
05-11-2018 06:31 AM
If you post the configs we can probably do a better job of helping. I can't say I've ever had a false positive like that. What version of ISE are you using? What AnyConnect / WebAgent software is on the Client? What Compliance Module is being used? What AV product and version are you looking for? Is it definately a supported AV product or have you built a custom check manually? (See here for compliance module compatibility)
You can see what AV/AS (etc) products the NAC/AnyConnect Posture Agent has detected by either reviewing the logs on the Client, or by running reports in ISE.
05-11-2018 08:56 AM - edited 05-15-2018 12:26 PM
Dear
ISE 2.2
Anyconnect 4.6
Complaince module 4.6
Kaspersky 10.X and it is supported it was working suddenly I started with this issue.
05-15-2018 12:27 PM
Dears,
Very urgent anybody can help me to give hints how to investigate the issue.
thanks
05-24-2018 01:16 PM
Dear Expert,
Anybody can help me to solve the issue.
thanks
05-25-2018 01:17 AM
Start by looking at the security products the Posture Module says it identifies (either in the Client or via a report from ISE) and compare that to your policies...
That said, if it's proper urgent, call whoever your support partner is.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide