Hi,according to me, your

Pranav Gade · ‎05-07-2015

Hi All,

I am running with Cisco ISE 1.2.1 with certificate authentication (EAP-TLS) which is working perfectly fine for me. Please find current setup and configuration

We are facing issue with posturing in Antivirus and Windows Update.

Antivirus - We are running with Microsoft forefront so have configured the condition for antivirus installation and definition for vendor Microsoft

Windows - we are running with SCCM for windows updated and we have configured Pr_Wsusrule

Authorization Policy –

If user Not complaint & AD user & EAP-TLS ---------à it should apply Profile with remediation acl
If User Complaint & AD user & EAP-TLS ---------à it should get full access

Issue -

Currently authentication is working fine but after authentication if machine is not complaint (for e.g we checked with removing some windows update) it’s not falling to remediation state and directly becoming complaint so my question as follows

1 – Is SCCM windows update server is compatible with ISE 1.2.1

2 – Is Microsoft Antivirus is compatible with ISE 1.2.1

3 – If both are compatible then still it’s not falling to remediation

Can anybody tell me the solution for the same.

Thanks in advance

Regards

Abdallah Anouar · ‎05-07-2015

You can look at the "Posture Detail Assessment" (Reports ->Endpoints and Users ) to check if they were detected by agent.

Pranav Gade · ‎05-07-2015

Hi anouarabd,

Thanks for reply I have checked "Posture Detail Assessment" and meeting all posture which we configured ( Antivirus + Windows).

We have removed some windows updated in domain machine still its not going to remedeation and falling in complaint endpoints itself.

Regards

Abdallah Anouar · ‎05-07-2015

If you can post your posture policies and a screenshot of what you found on "Posture Detail Assessment" (mainly "Posture Policy Details").

Pranav Gade · ‎05-07-2015

Hi anouarabd,

Please find attached Screen shots

Abdallah Anouar · ‎05-07-2015

To know which policy was matched , please check the section "Posture Policy Details" on "Posture Detail Assessment"

Pranav Gade · ‎05-07-2015

Hi anouarabd,

As I checked its matching to same configured Posture Policy.

adityaM1234 · ‎06-19-2015

Hi,

according to me, your windows update check policy is at bottom in posture policy.

ISE checkes policy from top to first match; here your AV Policy is getting hit and endpoints are getting Posture complient state.

You can move your windows update check policy at top and then try

Thanks

Aditya

jan.nielsen · ‎05-08-2015

As far is i know SCCM is not the same as WSUS which is supported in ISE, so that probably wont work.However SCCM might have been introduced in ISE 1.4, there are some changes to the posture features introduced there.

Pranav Gade · ‎05-09-2015

Hi jan.nielsen,

Thanks for reply.. Can you share me any document regarding ISE compatibility with SCCM/WSUS

Regards

jan.nielsen · ‎05-09-2015

It should be in the supported devices document, that is on cisco.com, just search for ise <your version> supported devices

Pranav Gade · ‎05-10-2015

HI jan.nielsen,

I have tried to check but its not mentioning anything regrading compatibility with WSUS/SCCM

Regards

Venkatesh Attuluri · ‎05-19-2015

ISE 1.4 supports SCCM integration

http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide_14_chapter_010010.html

adityaM1234 · ‎06-19-2015

Hi,

according to me, your Windows update check policy is at bottom

ISE checks policy from top to first match. In this case your AV policy is getting hit hence endpoints are getting complient state

My suggestion is, move the windows update check policy at top and then try

It is better to combine multiple conditions in one requirement and then assign that requirement in your posture policy

Thanks,

Aditya

ISE Posture remediation issue with Antivirus and Windows