cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

765
Views
0
Helpful
5
Replies
Highlighted
Beginner

ISE 2.1 Anyconnect Posture Assessment failure for AV

Hi,

 

Posture assessment fails because Cisco Anyconnect is not recognizing the installed AV, but it only see the Windows Defender installed. The problem is, since the user has McAfee, it automatically disabled the Windows Defender and therefore no updates are being made (please see attached). What is the possible workaround for this?

 

Everyone's tags (4)
5 REPLIES 5
Hall of Fame Guru

Re: ISE 2.1 Anyconnect Posture Assessment failure for AV

There are several bugs associated with AnyConnect Posture module and McAfee. They are for the most part resolved with the current AC release.

 

What version of AC Posture module are you using?

Beginner

Re: ISE 2.1 Anyconnect Posture Assessment failure for AV

We're using Anyconnect 4.3 for both Windows and Mac. Please note that the same case happens to user with AVAST.

 

Another case was the user has Norton antivirus installed. The Posture assessment was able to detect the Norton antivirus and Defender. However, it still failed because the Defender is not updated.

VIP Advocate

Re: ISE 2.1 Anyconnect Posture Assessment failure for AV

What does your posture requirements look like? If you have selected Norton AV alone to be updated within a certain number of days, Windows defender should not matter. But if you use the inbuilt Any AV policy, it will expect any AV detected to be updated. 

Beginner

Re: ISE 2.1 Anyconnect Posture Assessment failure for AV

Hi Rahul,

 

Thanks for your response. I see your point here. So is there a way to make Anyconnect ignore Bit Defender (which is native in Windows 8/10) when there is another AV installed?

 

Regards,

 

 

Hall of Fame Guru

Re: ISE 2.1 Anyconnect Posture Assessment failure for AV

Please share your ISE Posture Policy details.

 

If you are telling ISE to check for AV it will find Windows Defender and fail.

 

If you are telling it to check for McAfee it should find it and pass if the version and signatures meet the policy requirements.