Security

Hi all,

 

If i allow clear pass to communicate with internet. It will download posture, profile, patch and firmware updates.

 

It automatically installs posture and profile updates.

Will it give option to download , install the patch and firmware updates??? or it will install patch and firmware updates.

 

I have seen a update regarding anti virus/ anti spyware updates. this updates are used to protect clearpass from virus and spyware   or it is used by Onguard to check the posture and validate ???

 

Is there any option to allow only Antivirus/Antispyware updates and stop other updates???

 

Warm Regards

Sri

It will give you the option to install patches and updates. The system will never install patches or upgrades.

The antivirus and anti spyware is for onguard only.

Are you talking about the onguard agents updating a PC that is out of compliance for your last question?

---

@tarnold wrote:
It will give you the option to install patches and updates. The system will never install patches or upgrades.

The antivirus and anti spyware is for onguard only.

Are you talking about the onguard agents updating a PC that is out of compliance for your last question?

---

Ya . You mean to say clearpass will get AV/AS updates  and pushes to client machines via onguard agent or will it say to update to meet the compliance??

 

I just want to get only AV/AS updates. and other updates like windows hotfixes, End profile updates shouldn't happen

 

 

 

 

What clear pass is getting is the list of what the latest version should be. It does not pull down all the av updates directly. If a device is out of compliance and you have auto remediation enabled what onguard does is trigger the update service built into the av to make the av to pull down the latest update. If you click the help link in the top right corner of the CPPM server there is a chart in there that will tell you what can be auto remediated and what has to be fixed by the user themselves.

In the onguard settings you can chose what service you want auto updated and what you want to check for and just notify the user the setting is out of compliance.

---

@tarnold wrote:
What clear pass is getting is the list of what the latest version should be. It does not pull down all the av updates directly. If a device is out of compliance and you have auto remediation enabled what onguard does is trigger the update service built into the av to make the av to pull down the latest update. If you click the help link in the top right corner of the CPPM server there is a chart in there that will tell you what can be auto remediated and what has to be fixed by the user themselves.

In the onguard settings you can chose what service you want auto updated and what you want to check for and just notify the user the setting is out of compliance.

---

OK Thank You.

 

So if i make cp to communicate with internet. It will just get the list of latest versions for AV/AS . 

 

And it gives the list of patch updates and firmware upgrades to be downloaded

Correct

---

@tarnold wrote:
Correct

---

Hi,

 

Is there any options for software updates, like allowing only to get AV/AS updates, or only profile endpoint updates.

 

like allowing software updates, but restricting updates based on category.

 

Warm Regards

Srikanth 

You should put in a feature request for this.