
ISE Windows Update Check?

AJ Cruz
Level 3

I see Windows Update remediations in ISE, but I don't see how to check for missing Windows updates.

Anyone find any documentation on this or know how to do it?

Thanks

8 Replies

nspasov
Cisco Employee

You will need to configure some posture checks. A very good source of documentation is Cisco's TrustSec guide:

http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_DesignZone_TrustSec.html

Thank you for rating!

I didn't see how to do the posture checks. I discovered the issue was that I was always looking in the "Windows all" group. When I select a specific platform like "Windows 7 (all)", I see the hotfix checks.

Very good! So your issue is solved then? If so, we should close the thread.

Hi Friend,

Please, did you find how to check the last updates on Windows?

I cannot find out how to do this!

Could you help me with it?

Thanks a lot

Hi, did you ever find a solution to this problem?

We don't really care about specific updates. We just want to check that Windows has the latest available updates, so it is also auto-updated instead of us having to manually update with specific updates.

Thanks

askhuran
Level 1

You cannot adopt a manual method to check for missing Windows Update. It is the Windows Update Services (WUAUSERV) that checks the Windows Update state of a machine, using a query-response mechanism and by checking various files as well as registry settings and whether the last update was successfully completed.

Windows update information and settings are at the following path in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update

Key Value Pair: NextDetectionTime

You may need to create a Registry Condition and a Compound Condition. Besides this, you can also probe some other values in the above registry key path.

So, for that matter, you can configure posture validation based on the registry.

Optionally, you can configure Windows Server Update Services (WSUS) remediation instead for your posture validation policy. More detailed help is available at the following location:

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_pos_pol.html#wp1979471
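
An added example, not part of the original reply and not Cisco's code: before authoring a registry condition on the key named above, this PowerShell function shows what an endpoint actually holds there, including the case where `NextDetectionTime` is absent. The function name, the `yyyy-MM-dd HH:mm:ss` UTC timestamp format and the 7-day threshold are assumptions for illustration.

```powershell
# Added example. The key path and NextDetectionTime come from the reply above;
# the timestamp format and the 7-day threshold are assumptions.
$KeyPath    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
$MaxAgeDays = 7

function Get-AutoUpdateRegistryState {
    param(
        [string]$Path = $KeyPath,
        [int]$MaxAge  = $MaxAgeDays
    )
    $state = [ordered]@{
        KeyPresent        = $false
        ValueNames        = @()
        NextDetectionTime = $null
        Verdict           = 'Unknown'
    }
    if (-not (Test-Path -LiteralPath $Path)) {
        $state.Verdict = 'Auto Update key missing'
        return [pscustomobject]$state
    }
    $state.KeyPresent = $true
    # List every value name so other candidates for a registry condition are visible.
    $state.ValueNames = @((Get-Item -LiteralPath $Path).GetValueNames())

    $raw = (Get-ItemProperty -LiteralPath $Path).NextDetectionTime
    if ([string]::IsNullOrWhiteSpace($raw)) {
        # A condition that tests this value would fail on such an endpoint.
        $state.Verdict = 'NextDetectionTime not set'
        return [pscustomobject]$state
    }
    $parsed = [datetime]::MinValue
    $styles = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
    $ok = [datetime]::TryParseExact([string]$raw, 'yyyy-MM-dd HH:mm:ss',
            [cultureinfo]::InvariantCulture, $styles, [ref]$parsed)
    if (-not $ok) {
        $state.Verdict = "Unrecognised timestamp: $raw"
        return [pscustomobject]$state
    }
    $state.NextDetectionTime = $parsed
    # A next-detection time far in the past suggests the agent stopped scheduling scans.
    $age = ([datetime]::UtcNow - $parsed).TotalDays
    $state.Verdict = if ($age -gt $MaxAge) { "Stale by $([math]::Round($age, 1)) days" } else { 'Scheduled' }
    return [pscustomobject]$state
}

Get-AutoUpdateRegistryState | Format-List
```

Running it on a sample of each Windows version you intend to posture-check shows whether the value exists there before the condition is rolled out.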

karenmar
Cisco Employee

Hi AJ, can you please explain the method you used for this?

@karenmar  This is an old thread. In the future, please start a new one.

From what AJ wrote, it appears to be using the hotfixes provided by Cisco.