01-04-2024 04:50 AM - edited 01-04-2024 04:52 AM
Hi,
After upgrading Cisco Secure Endpoint from 7.5.5 to 8.1.7, ISE Posture didn't recognize Cisco Secure Endpoint 8.1.7 under the Anti-Malware condition, which caused the scan to fail.
I've noticed that Secure Endpoint 8.1.7 has become part of the Secure Client 5.x, causing the Anti-Malware condition to not detect it. I'm not sure if this assumption is correct. Has anyone ever encountered this problem
<Secure Endpoint 8.1.7 running on my client>
<Anti-Malware condition on ISE>
Thank you for the response.
Solved! Go to Solution.
01-09-2024 08:33 PM - edited 01-09-2024 08:35 PM
@bakaholic39 Try updating CM first. For AnyConnect, only the latest two releases are supported, and CM needs be the latest.
I tried with AC 4.10.8025.0 with CM 4.3.3805.8192 (the same one used with CSC 5.x) and it worked fine.
01-04-2024 05:37 AM
What version of ISE? Posture Feed update enabled and latest downloaded?
01-04-2024 05:59 AM - edited 01-04-2024 06:04 AM
ISE is running on 3.1.0.518 Patch 3 and Posture last update status is up-to-date.
01-04-2024 06:32 AM
My guess is that Cisco has not yet included that version in the Posture Feed or the name of the product has changed with the Secure Client re-brand. I would suggest opening a TAC case.
Patch 3 is also quite old at this point. I don't think this is your issue but I would highly suggest installing the latest patch.
01-09-2024 07:29 PM
Usually, what matters is Cisco Secure Client Compliance Module version. It worked for me on a Windows 11 23H2 VM hosted in Azure with the following:
Here is the screenshot of the CSC on the Windows Client:
01-09-2024 07:50 PM - edited 01-09-2024 07:59 PM
My agent still using AnyConnect 4.10.05085 with CM 4.3.2716.6145 and just upgraded Secure Endpoint to 8.1.7.21585 from 7.5.5.21061. I don't know if Secure Endpoint 8.x can works with AnyConnect 4.10 or not, or do I have to upgrade agent to version 5 (Secure Client).
My posture update.
01-09-2024 07:31 PM - edited 01-09-2024 07:34 PM
I just noticed that your list of installed modules shorter and missing ISE Posture. That is odd to me.
If you are using Temporal Agent, please make a note of the CM version. Try with the most recent version.
01-09-2024 08:33 PM - edited 01-09-2024 08:35 PM
@bakaholic39 Try updating CM first. For AnyConnect, only the latest two releases are supported, and CM needs be the latest.
I tried with AC 4.10.8025.0 with CM 4.3.3805.8192 (the same one used with CSC 5.x) and it worked fine.
01-09-2024 08:35 PM
@hslai
I will try that. Thanks for your response.
01-11-2024 01:05 PM - edited 01-11-2024 01:06 PM
@hslai
I tried AC 4.10 with CM 4.3.3805.8192, and it's working fine with Secure Endpoint 8.x. But I have one doubt
Secure Endpoint 8.x and Kaspersky Endpoint Security 11.x requires CM 4.3.3726.6145 for minimum.
When I was running CM 4.3.2716.6145, why could Posture detect Kaspersky 11 (even though it didn't pass the minimum), but Secure Endpoint 8 not?
01-11-2024 04:34 PM
@bakaholic39 It could be due to some bug fixes. One of my ISE instances has older support chart, which shows 4.3.183.2048 as the minimal CM version for Kaspersky Endpoint Security 11.x.
01-11-2024 05:52 PM
@hslai
It seems the last of your definition updates is out of date, it still holds in 2022. Anyway, if I want to use other anti-malware software, how do I know the exact minimum value?
01-11-2024 07:23 PM
@bakaholic39 Please periodically perform the ISE posture update and use the info from the latest support chart.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide