Clearpass Onguard Auto-Remediation

Often people have questions on Clearpass Onguard like what firewalls and anti-virus softwares are supported? What P2P apps do we detect? etc. And which of these do we support auto-remediation for? For example, which firewalls can Onguard enable for the user automatically if the administrator has set a policy for it to be enabled. etc. This article will answer these questions.


For a complete list of supported third-party products and auto-remediation actions, go to the following page in your Clearpass server: Administration > Agents and Software Updates > OnGuard Settings. Next, click the Help link on the top right, and then click the OnGuard Agent Support Charts link.


Here are some screenshots:











The meanings of fields/columns in Support Charts and which of them is auto-remediation action is listed below:


Common Attributes
Attribute NameDescription
Product_NameProduct Name
VersionProduct Version


Attribute NameDescriptionAuto-Remediation Action
GetDataFileTimeRetrieve the last modification time of the current definition/pattern file used by the Antivirus productNo
GetDataFileVersionRetrieve the current version of the definition/pattern file used by the Antivirus productNo
EngineVersionRetrieve the version of the Antivirus' scanning engineNo
Check RTPRetrieve the state of the Real-Time Protection (RTP) of the Antivirus productNo
LiveUpdateUpdate the Antivirus product (Dat File, Engine Version etc.)Yes
Sync/Async UpdateNot Used
SetRTPEnable/disable the Real-Time Protection (RTP) of the Antivirus productYes
LastScanTimeRetrieve the date and time of the last completed full system scan ran on the endpoint by the Antivirus productNo
FullSystemScanLaunch a full system scan for the Antivirus productYes
GetVirusDefServFull System Scan In ProgressNo
IsFullScanInProgCheck if the Antivirus product is currently running a full system scanNo


Attribute NameDescriptionAuto-Remediation Action
GetLocationsRetrieve list of encrypted locationsNo
GetEncStateRetrieve encryption state of location (drive)No


Attribute NameDescriptionAuto-Remediation Action
IsEnabledRetrieve Firewall State (enabled/disabled)No
TurnOnEnable the FirewalYes
TurnOffDisable the FirewallYes


Attribute NameDescriptionAuto-Remediation Action
IsRunningRetrieve running state of P2P applicationNo
TerminateTerminate running P2P applicationYes


Patch Management
Attribute NameDescriptionAuto-Remediation Action
IsEnabledCheck if Patch agent is enabled or notNo
EnableSet Patch Agent to enabled stateYes
ListMissingDetect missing patchesNo
InstallMissingInstall Missing PatchesYes


Virtual Machine
Attribute NameDescriptionAuto-Remediation Action
EnumerateVMsEnumerate Virtual Machines on the systemNo
GetVMInformationGet extended information of a virtual machine (Name, Path, OS Version etc.)No
PauseVMPause the running Virtual MachineYes
StopVMStop the running Virtual MachineYes
GetHypervisorTypeRetrieve Hypervisor Type of Virtual MachineNo


Meaning of value fields:
V - Implemented
O - Not Supported
X - Not Implemented
Z - Implemented on Windows with Security Center (WMI) available
Search Airheads
Showing results for 
Search instead for 
Did you mean: