Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
923
Views
6
Helpful
12
Replies

ISE Posture with Cisco Secure Endpoint 8.x

Go to solution
bakaholic39
Level 1
Level 1

‎01-04-2024 04:50 AM - edited ‎01-04-2024 04:52 AM

Hi,

After upgrading Cisco Secure Endpoint from 7.5.5 to 8.1.7, ISE Posture didn't recognize Cisco Secure Endpoint 8.1.7 under the Anti-Malware condition, which caused the scan to fail.

I've noticed that Secure Endpoint 8.1.7 has become part of the Secure Client 5.x, causing the Anti-Malware condition to not detect it. I'm not sure if this assumption is correct. Has anyone ever encountered this problempastedImage.png






 

 

 

<Secure Endpoint 8.1.7 running on my client>

 

 

pastedImage2.png<Anti-Malware condition on ISE>


Thank you for the response.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎01-09-2024 08:33 PM - edited ‎01-09-2024 08:35 PM

@bakaholic39  Try updating CM first. For AnyConnect, only the latest two releases are supported, and CM needs be the latest.

I tried with AC 4.10.8025.0 with CM 4.3.3805.8192 (the same one used with CSC 5.x) and it worked fine.

Screenshot 2024-01-09 at 20.35.21.png

View solution in original post

12 Replies 12

Go to solution
ahollifield
VIP
VIP

‎01-04-2024 05:37 AM

What version of ISE?  Posture Feed update enabled and latest downloaded?

0 Helpful

Go to solution
bakaholic39
Level 1
Level 1
In response to ahollifield

‎01-04-2024 05:59 AM - edited ‎01-04-2024 06:04 AM

ISE is running on 3.1.0.518 Patch 3 and Posture last update status is up-to-date.

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to bakaholic39

‎01-04-2024 06:32 AM

My guess is that Cisco has not yet included that version in the Posture Feed or the name of the product has changed with the Secure Client re-brand.  I would suggest opening a TAC case.

Patch 3 is also quite old at this point.  I don't think this is your issue but I would highly suggest installing the latest patch.

Go to solution
hslai
Cisco Employee
Cisco Employee

‎01-09-2024 07:29 PM

@bakaholic39

Usually, what matters is Cisco Secure Client Compliance Module version. It worked for me on a Windows 11 23H2 VM hosted in Azure with the following:

  • Cisco Secure Client 5.1.1.42 with Cisco Secure Client Compliance Module Windows 4.3.3805.8192
  • Cisco Secure Endpoint 8.2.1.21650
  • ISE 3.3 Patch 1 with the following posture update:
    • Cisco conditions version 291942.0.0.0
    • Cisco AV/AS support chart version for windows 282.0.0.0
    • Cisco AV/AS support chart version for Mac OSX 199.0.0.0
    • Cisco AV/AS support chart version for Linux 51.0.0.0
    • Cisco supported OS version 90.6.3.0

 Here is the screenshot of the CSC on the Windows Client: Screenshot 2024-01-09 at 19.18.57.png

Go to solution
bakaholic39
Level 1
Level 1
In response to hslai

‎01-09-2024 07:50 PM - edited ‎01-09-2024 07:59 PM

@hslai 

My agent still using AnyConnect 4.10.05085 with CM 4.3.2716.6145 and just upgraded Secure Endpoint to 8.1.7.21585 from 7.5.5.21061. I don't know if Secure Endpoint 8.x can works with AnyConnect 4.10 or not, or do I have to upgrade agent to version 5 (Secure Client).

My posture update.

Screenshot 2024-01-10 104128.png

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎01-09-2024 07:31 PM - edited ‎01-09-2024 07:34 PM

@bakaholic39 

I just noticed that your list of installed modules shorter and missing ISE Posture. That is odd to me.

If you are using Temporal Agent, please make a note of the CM version. Try with the most recent version.

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎01-09-2024 08:33 PM - edited ‎01-09-2024 08:35 PM

@bakaholic39  Try updating CM first. For AnyConnect, only the latest two releases are supported, and CM needs be the latest.

I tried with AC 4.10.8025.0 with CM 4.3.3805.8192 (the same one used with CSC 5.x) and it worked fine.

Screenshot 2024-01-09 at 20.35.21.png

Go to solution
bakaholic39
Level 1
Level 1
In response to hslai

‎01-09-2024 08:35 PM

@hslai 
I will try that. Thanks for your response.

0 Helpful

Go to solution
bakaholic39
Level 1
Level 1
In response to hslai

‎01-11-2024 01:05 PM - edited ‎01-11-2024 01:06 PM

@hslai 
I tried AC 4.10 with CM 4.3.3805.8192, and it's working fine with Secure Endpoint 8.x. But I have one doubt

Secure Endpoint 8.x and Kaspersky Endpoint Security 11.x requires CM 4.3.3726.6145 for minimum. 
When I was running CM 4.3.2716.6145, why could Posture detect Kaspersky 11 (even though it didn't pass the minimum), but Secure Endpoint 8 not?

Screenshot 2024-01-12 040304.png

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to bakaholic39

‎01-11-2024 04:34 PM

@bakaholic39 It could be due to some bug fixes. One of my ISE instances has older support chart, which shows 4.3.183.2048 as the minimal CM version for Kaspersky Endpoint Security 11.x.

Screenshot 2024-01-11 at 16.31.09.png

Go to solution
bakaholic39
Level 1
Level 1
In response to hslai

‎01-11-2024 05:52 PM

@hslai 
It seems the last of your definition updates is out of date, it still holds in 2022. Anyway, if I want to use other anti-malware software, how do I know the exact minimum value?

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to bakaholic39

‎01-11-2024 07:23 PM

@bakaholic39 Please periodically perform the ISE posture update and use the info from the latest support chart.

Customers Also Viewed These Support Documents