Cisco ISE AV Definition out of date

Marcin Zgola
Level 4

Setting up the posture AV definition check in ISE, I noticed the latest revision dates under Policy Elements > Condition > AV Compound Condition to be a couple of weeks old for my Symantec Endpoint Protection. What does Cisco use to get the proper definition update versions? I compared against Bitdefender and it shows all current, meaning latest definition 12/19/2106, but with Symantec it shows 12/3/16.

Why is that?

This creates the problem...

Thanks

CCIE 18676

Marvin Rhoads
Hall of Fame

The ISE AV definitions are updated from the following URL:

https://www.perfigo.com/ise/posture-update.xml

If we dig into it, we can see that AV definitions come from the file:

https://www.perfigo.com/ise/repository/posture/av-chart.tar.gz

Unpacking that file will show you all of the definitions that ISE uses to check for AV vendor definitions. If you are finding a given file is out of date, your best recourse is to open a TAC case on it. We recently saw the same with Trend Micro Version 12 not being recognized at all.

Gagandeep Singh
Cisco Employee

We have a related bug filed.

CSCvc20000 ISE 2.1 Posture Anti-Malware Definitions date and version missing from the Posture Updates

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc20000/?reffering_site=dumpcr

ISE Posture condition on Anti-Malware definition check is failing due to the latest definition date and version missing from the Posture Updates. 

Regards

Gagan

ps: rate if it helps!!!!