05-21-2018 01:35 AM
I’m reaching out in need of some support with an issue I am facing with a customer ISE project.
Customer has Landesk Version 10 Security Patch Manager by which they push Windows Security Patches to all endpoints. They have two requirements.
I have created policies for Rule 1 and 2. Rule 1 works well and detects the running application. Rule 2 testing was done on 2 machines.
Issue: For the second machine, even though the patches weren’t latest, the status became back as compliant. I checked the reports on ISE and saw that ISE was passing the critical patches condition for Landesk successfully. Didn’t get any more details. How is Anyconnect checking the installation of critical patches through Landesk. Is it integrated with the Landesk Client on PC and checks with the server for comparison?
Please provide any inputs on how to mitigate this issue. Also the best way to check if latest patches are installed.
Solved! Go to Solution.
05-21-2018 09:14 PM
Cisco AnyConnect ISE Posture Windows Support Charts for Compliance Module v4.2.1538.0 shows that LANDESK Software, Inc.'s Security and Patch Manager 9.x required CM 4.2.1331.0 minimal and has support for
Yes, the remediation is generally done through the patch management client. Thus, please also check the logs on the LANDESK side. If you need further details, please get a copy of the DART file and submit it to Cisco TAC.
05-21-2018 09:14 PM
Cisco AnyConnect ISE Posture Windows Support Charts for Compliance Module v4.2.1538.0 shows that LANDESK Software, Inc.'s Security and Patch Manager 9.x required CM 4.2.1331.0 minimal and has support for
Yes, the remediation is generally done through the patch management client. Thus, please also check the logs on the LANDESK side. If you need further details, please get a copy of the DART file and submit it to Cisco TAC.
05-21-2018 10:32 PM
Thanks. I'm using CM 3.6.x which is recently updated than 4.x and support Landesk version 10.
But im still getting posture status as compliant even when patches are missing. Any idea why that is happening?
01-21-2020 02:08 AM
Cisco AnyConnect ISE Posture Windows Support Charts for Compliance Module v4.2.1538.0
Link broken...too bad Cisco removes the older Compliance Module support charts from the portal
09-26-2022 10:40 AM
You can get the updated link, for the last Compliance Module, here: https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-device-support-tables-list.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide