Security

Reply
Aruba Employee
Posts: 64
Registered: ‎11-30-2009

Clearpass Onguard Auto-Remediation

[ Edited ]

Often people have questions on Clearpass Onguard like what firewalls and anti-virus softwares are supported? What P2P apps do we detect? etc. And which of these do we support auto-remediation for? For example, which firewalls can Onguard enable for the user automatically if the administrator has set a policy for it to be enabled. etc. This article will answer these questions.

 

For a complete list of supported third-party products and auto-remediation actions, go to the following page in your Clearpass server: Administration > Agents and Software Updates > OnGuard Settings. Next, click the Help link on the top right, and then click the OnGuard Agent Support Charts link.

 

Here are some screenshots:

 

 c1.png

 

c2.png

 

c3.png

 

c4.png

 

 

The meanings of fields/columns in Support Charts and which of them is auto-remediation action is listed below:

 

Common Attributes
Attribute NameDescription
Product_NameProduct Name
VersionProduct Version

 

AntiVirus/AntiSpyware
Attribute NameDescriptionAuto-Remediation Action
GetDataFileTimeRetrieve the last modification time of the current definition/pattern file used by the Antivirus productNo
GetDataFileVersionRetrieve the current version of the definition/pattern file used by the Antivirus productNo
EngineVersionRetrieve the version of the Antivirus' scanning engineNo
Check RTPRetrieve the state of the Real-Time Protection (RTP) of the Antivirus productNo
LiveUpdateUpdate the Antivirus product (Dat File, Engine Version etc.)Yes
Sync/Async UpdateNot Used
SetRTPEnable/disable the Real-Time Protection (RTP) of the Antivirus productYes
LastScanTimeRetrieve the date and time of the last completed full system scan ran on the endpoint by the Antivirus productNo
FullSystemScanLaunch a full system scan for the Antivirus productYes
GetVirusDefServFull System Scan In ProgressNo
IsFullScanInProgCheck if the Antivirus product is currently running a full system scanNo

 

DiskEncryption
Attribute NameDescriptionAuto-Remediation Action
GetLocationsRetrieve list of encrypted locationsNo
GetEncStateRetrieve encryption state of location (drive)No

 

Firewall
Attribute NameDescriptionAuto-Remediation Action
IsEnabledRetrieve Firewall State (enabled/disabled)No
TurnOnEnable the FirewalYes
TurnOffDisable the FirewallYes

 

P2P
Attribute NameDescriptionAuto-Remediation Action
IsRunningRetrieve running state of P2P applicationNo
TerminateTerminate running P2P applicationYes

 

Patch Management
Attribute NameDescriptionAuto-Remediation Action
IsEnabledCheck if Patch agent is enabled or notNo
EnableSet Patch Agent to enabled stateYes
ListMissingDetect missing patchesNo
InstallMissingInstall Missing PatchesYes

 

Virtual Machine
Attribute NameDescriptionAuto-Remediation Action
EnumerateVMsEnumerate Virtual Machines on the systemNo
GetVMInformationGet extended information of a virtual machine (Name, Path, OS Version etc.)No
PauseVMPause the running Virtual MachineYes
StopVMStop the running Virtual MachineYes
GetHypervisorTypeRetrieve Hypervisor Type of Virtual MachineNo

 

Meaning of value fields:
V - Implemented
O - Not Supported
X - Not Implemented
Z - Implemented on Windows with Security Center (WMI) available
Search Airheads
Showing results for 
Search instead for 
Did you mean: