
ISE posture - SCCM remediation for Symantec AV installation

dngore
Cisco Employee

Hi,

Customer is using SCCM server for deploying Symantec AV on user systems.

It is known that ISE (AnyConnect client) can integrate with SCCM client for automatic remediation for Windows patches.

Can the same integration be used to install Symantec AV package automatically on system using SCCM agent?

Customer is looking for automatic way to remediate non-compliant system for Symantec AV installation.

Accepted Solutions

Nidhi
Cisco Employee

Hi DMG,

As we discussed on the phone today, want to update this thread for closure.

Symantec patches cannot be installed with SCCM client. SCCM client is for Microsoft patches. You will have to identify the Symantec agent running on the endpoint to do the patch management.

Regarding the existence of any AV software in the endpoint, you can create a file/registry/service condition. The remediation is limited to messaging to the user to install it from a specified link if the AV is missing.

We also discussed using the policy configured in SCCM server to check for the compliance status. However, in case of non-compliant status, we cannot deploy a package from SCCM server via ISE.

Thanks,

Nidhi

4 Replies

Hello,

Patch management is meant to check patch update & not for software installation.

In SCCM server, there are two categories like software update & deployment package.

Symantec AV installation will be defined under deployment package & if any Microsoft update is available it will show under all software updates.

Even if SCCM patch management is defined in ISE, it will check whether All/Critical/Important patches were installed. Symantec AV will not fall under patch management category & so it won't get marked as non-compliant even if Symantec AV is not present in patch management check.

Remediation is possible in case of Windows patch, not for software installation.

-Aravind

For the Symantec AV check the posture module doesn't care how the software arrived on the system it is posturing. You can configure a Symantec AV check using the Malware checks to ensure Symantec is installed, running and definitions are up to date. The posture module can automatically remediate the running and definitions up to date conditions. It cannot automatically remediate the not installed.

I would think at a macro level SCCM could perhaps call this out as a requirement. If ISE asks SCCM its status and it's not compliant then the AnyConnect will request SCCM to update?
