ISE Posture Remediation issue with AV client installation
Problem: If user start AV client installation in pc via AV link remediation after some time (while AV client installation not completed yet) trend micro Update windows gets pop up but not start automatic AV or AS def remediation and Cisco NAC agent shows the message AV definition is not up to date.
Also some time NAC agent give message automatic remediation failed or required user intervention to press ok so NAC can complete remediation process.
I am facing this issues when users don’t have Antivirus client in pc and performing client installation.
We have the following posture policies,
1 AV installation check: if AV is not installed in PC then perform link remediation and let user to download the Antivirus client from provided link.
2 AV definition & AS definition version check (both remediation requirement I putted in one policy): if AV or AS definition version found old then perform automatic remediation.
3. WSUS check
4 SP check
Actually I want, first user install AV client via link remediation once installation complete then move to AV & AS def remediation if required (because in first time AV client installation it automatically download all update from the AV server) otherwise def remediate policy wait for AV client installation completion.
Please can anybody let me know how remediation work internally ? like if "AV inst" remediation start so nac agent wait for it completion and don't start other remediation process e.g AS & AV def?
Second question:what is remediation process sequence ?
Third question: is there anyway we can configure timer in remediation process e.g 5 min for AV inst then 3 min for AV & AS def remediation and then go to other posture remediations ?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :