Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1487
Views
0
Helpful
1
Replies

ISE WSUS remediation action "Message Text Only"

Mady
Level 4
Level 4

‎02-02-2017 01:04 AM - edited ‎03-11-2019 12:25 AM

Hi,

 

Does pr_WSUSRule condition can use message text only remediation action? I tried to create WSUS posture requirement and use WSUS manual update as remediation action and tested it. I was able to install the patch manually and the pc become compliant.

 

Then I tried to just use the Message Text Only and removed the patch to check if posture checking would still work, the result must be noncompliant because I removed the patch but the result of the NAC agent was compliant.

 

Also, based on here: Cisco Identity Services Engine User Guide, Release 1.2 - Policy UI Reference [Cisco Identity Services Engine] - Cisco

 

The pr_WSUSRule is a dummy compound condition, which is used in a posture requirement with an associated Windows Server Update Services (WSUS) remediation. The associated WSUS remediation action must be configured to validate Windows updates by using the severity level option. When this requirement fails, the NAC Agent that is installed on the Windows client enforces the WSUS remediation action based on the severity level that you define in the WSUS remediation.

 

pr_WSUSRule would have its own remediation so it won't work if the stated remediation action is Message Text Only?Please correct me.

 

Please help me clarify this.

Thanks in advance!

2 people had this problem
Labels:
0 Helpful
1 Reply 1

fedor.solovev
Spotlight
Spotlight

‎01-21-2021 02:17 PM

Hello, Mady.
Did you find the solution ?

0 Helpful
Customers Also Viewed These Support Documents