Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
786
Views
0
Helpful
1
Replies

ISE Remediation Automatic Install

mnpattan
Cisco Employee
Cisco Employee

‎04-10-2018 10:59 PM

I’m working with a customer to explore the ISE remediation options. The customer’s requirement is for ISE to be able to install an agent (SCCM, ePO, MBAM, etc.) when the respective install posture condition fails. I see we have options to download the exe using the “File Remediation” and launch the exe using the “Launch Program Remediation”, but I do not see an option to have these executed in sequence within a requirement.

The customer is also looking for programs/scripts to be launched using a SYSTEM account, as the user accounts may not have the privileges.

I’m trying to find if anyone has been able to do something similar for any customers. Any pointers would be of great help.

0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

‎04-15-2018 01:42 PM

When a matched ISE posture policy rule has more than one requirements, they are run in sequence.

For example from our lab guide on Compliance, the AV install requirement will be checked before the AV definition as below.

Rule Name

ID Groups

OS

CM

Other Conditions

Requirements

Employee Windows AV installed and current

Any

Windows 7 (All)

3.x or earlier

demoAD:ExternalGroups EQUALS

demo.local/HCC/Groups/Employees

P

ClamWin AV Installation Win7

P

ClamWin AV Current Win7

Guest Windows AV installed and current

Any

Windows All

3.x or earlier

Network Access:UseCase EQUALS Guest Flow

P

Any_AV_Installation_Win

P

Any_AV_Definition_Win

0 Helpful
Customers Also Viewed These Support Documents