Just thinking, but may it be that if you configured a GPO to prevent users to run a manual update, that the function is just blocked and the OnGuard agent would not have access to it either?
I'm not a GPO/AD expert, but could imagine that the manual update function is blocked, not just 'the button'; and another application won't be able to trigger an update either.
You may try to revert that setting for just one machine and see if that resolves the remediation from OnGuard as well.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Sep 09, 2022 10:05 AM
From: Ed Nicoll
Subject: ClearPass OnGuard - Automatic remediation of Windows Defender
Hi Everyone,
I'm looking for a bit of assistance. We are in the process of testing OnGuard before putting it into our live environment of W10 PCs. Initially we are posture checking for the status of the dat file for Windows Defender and that it is within the last 3 updates. My problem is that clients don't want to remediate automatically. The message the OnGuard Agent presents is "Could not update Windows Defender. Please try manually." We block access to the WU settings to end users so don't want to have them updating manually. For more info, we use our own internal WU server so that we can control the release of Windows updates. The test device sat for over an hour as quarantined before I manually requested windows updates. As soon as it picked up the updates it became healthy and jumped onto our corporate vlan. I need to remove the need for this manual step.
For more info, we are using Comware7 HPE switches so have to switch vlans when the posture status changes between healthy and unhealthy (can't use roles). This is working fine for us so far it seems.
Auto remediation is selected in the posture policy.