Posture - Application condition and remediation
01-31-2024 05:07 AM
Hi,
I would like to check if an application (for example: TeamViewer) is running on the client and, if it is running, I would like to kill the process before allowing access to the network.
Is it possible to do this in ISE 3.2?
I tried configuring an application condition, remediation and requirement, but it does not work: AnyConnect does not kill the TeamViewer process.
- Labels: Identity Services Engine (ISE)
01-31-2024 05:24 AM
01-31-2024 05:43 AM - edited 01-31-2024 05:44 AM
One thing to keep in mind when using the application condition is that it works the other way around compared to the processes. For example, if you create a condition for a process that is installed/running and that condition is met, the posture status will be considered compliant. However, if you do the same with an application condition, the posture status will be considered non-compliant. Its logic is basically inverted, and if the application is not installed/running, the status will be considered compliant.
01-31-2024 06:04 AM
In my case, the condition is matching, but I am not able to kill or uninstall the application automatically using a remediation action.
I have tested a Text Message in the remediation action and it works. If TeamViewer is running, I get a message. Now I want to kill the process automatically.
My question is: is it possible to automatically uninstall an application or kill a process?
02-01-2024 04:31 AM
I didn't personally test that with TeamViewer, but the option to uninstall or kill the process is there. Do you get any error during that process? If so, please share a screenshot of it.
