cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1357
Views
0
Helpful
1
Replies
Highlighted

ISE Posture Remediation issue with AV client installation

Problem: If  user start AV client installation in pc via AV link remediation after some time (while AV client  installation not completed yet) trend micro Update windows gets pop up but not start automatic AV or AS def  remediation and Cisco NAC agent shows the message AV definition is not up to date.

Also some time NAC agent give message automatic remediation failed or required user intervention to press ok so NAC can complete remediation process.

I am facing this issues when users don’t have Antivirus client in pc and performing client installation.

We have the following posture policies,

  • 1      AV installation check: if AV is not installed in PC then perform link remediation and let user to download the Antivirus client from provided link.
  • 2      AV definition & AS definition version check (both remediation requirement I putted in one policy): if AV or AS definition version found old then perform automatic remediation.
  • 3.     WSUS check
  • 4      SP   check

Actually I want, first user install AV client via link remediation once installation complete then move to AV & AS def remediation if required (because in first time AV client installation it automatically download all update from the AV server) otherwise def remediate policy wait for AV client installation completion.

Please can anybody let me know how remediation work internally ? like if  "AV inst" remediation start  so nac agent wait for it completion and don't start other remediation process e.g AS & AV def?

Second question:what is remediation process sequence ?

Third question: is there anyway we can configure timer in remediation process e.g 5 min for AV inst then 3 min for AV & AS def remediation and then go to other posture remediations ?

1 REPLY 1
Highlighted
Participant

ISE Posture Remediation issue with AV client installation

Please check the below guide for Posture Configuration:

http://www.cisco.com/en/US/products/ps11640/products_tech_note09186a0080c15540.shtml