
Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Clearpass Onguard Auto-Remediation

  • 1.  Clearpass Onguard Auto-Remediation

    Posted Apr 28, 2014 07:58 AM

    People often have questions about ClearPass OnGuard, such as: which firewalls and anti-virus software are supported? Which P2P apps do we detect? And for which of these do we support auto-remediation? For example, which firewalls can OnGuard enable for the user automatically if the administrator has set a policy for it to be enabled? This article will answer these questions.


    For a complete list of supported third-party products and auto-remediation actions, go to the following page in your ClearPass server: Administration > Agents and Software Updates > OnGuard Settings. Next, click the Help link at the top right, and then click the OnGuard Agent Support Charts link.


    The meanings of the fields/columns in the Support Charts, and which of them are auto-remediation actions, are listed below:


    Common Attributes

    | Attribute Name | Description |
    |---|---|
    | Product_Name | Product Name |
    | Version | Product Version |


    | Attribute Name | Description | Auto-Remediation Action |
    |---|---|---|
    | GetDataFileTime | Retrieve the last modification time of the current definition/pattern file used by the Antivirus product | No |
    | GetDataFileVersion | Retrieve the current version of the definition/pattern file used by the Antivirus product | No |
    | EngineVersion | Retrieve the version of the Antivirus' scanning engine | No |
    | Check RTP | Retrieve the state of the Real-Time Protection (RTP) of the Antivirus product | No |
    | LiveUpdate | Update the Antivirus product (Dat File, Engine Version etc.) | Yes |
    | Sync/Async Update | Not Used | |
    | SetRTP | Enable/disable the Real-Time Protection (RTP) of the Antivirus product | Yes |
    | LastScanTime | Retrieve the date and time of the last completed full system scan run on the endpoint by the Antivirus product | No |
    | FullSystemScan | Launch a full system scan for the Antivirus product | Yes |
    | GetVirusDefServ | Full System Scan In Progress | No |
    | IsFullScanInProg | Check if the Antivirus product is currently running a full system scan | No |


    | Attribute Name | Description | Auto-Remediation Action |
    |---|---|---|
    | GetLocations | Retrieve list of encrypted locations | No |
    | GetEncState | Retrieve encryption state of location (drive) | No |


    | Attribute Name | Description | Auto-Remediation Action |
    |---|---|---|
    | IsEnabled | Retrieve Firewall State (enabled/disabled) | No |
    | TurnOn | Enable the Firewall | Yes |
    | TurnOff | Disable the Firewall | Yes |


    | Attribute Name | Description | Auto-Remediation Action |
    |---|---|---|
    | IsRunning | Retrieve running state of P2P application | No |
    | Terminate | Terminate running P2P application | Yes |


    Patch Management

    | Attribute Name | Description | Auto-Remediation Action |
    |---|---|---|
    | IsEnabled | Check if Patch agent is enabled or not | No |
    | Enable | Set Patch Agent to enabled state | Yes |
    | ListMissing | Detect missing patches | No |
    | InstallMissing | Install Missing Patches | Yes |


    Virtual Machine

    | Attribute Name | Description | Auto-Remediation Action |
    |---|---|---|
    | EnumerateVMs | Enumerate Virtual Machines on the system | No |
    | GetVMInformation | Get extended information of a virtual machine (Name, Path, OS Version etc.) | No |
    | PauseVM | Pause the running Virtual Machine | Yes |
    | StopVM | Stop the running Virtual Machine | Yes |
    | GetHypervisorType | Retrieve Hypervisor Type of Virtual Machine | No |


    Meaning of value fields:
    V - Implemented
    O - Not Supported
    X - Not Implemented
    Z - Implemented on Windows with Security Center (WMI) available

  • 2.  RE: Clearpass Onguard Auto-Remediation

    Posted Aug 16, 2018 09:17 AM

    This information is not current as of the 6.6+ releases.


    The support charts are now accessed by going to Administration >> Documentation.
