Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Onguard Trellix and mccaffe

This thread has been viewed 10 times
  • 1.  Onguard Trellix and mccaffe

    Posted Feb 02, 2024 01:48 PM

    Hello

    Before starting, Mccaffe has a fusion with another company and after the fusion the name became Trellix

    I configured on guard on this Clearpass but it seems on the Onguard activity that in some endpoints It detects the software as Mccaffe endpoint security and in others Trellix endpoint security for some reason I could see this on the Onguard activity

    for example, I have 2 computers 

    I go to one and I see Trellix and I see the version which is version X

    I go to the other computer where I see Trellix again and I see the same version X

    but in the Onguard I see in one as Mccaffe and in the other, I see Trellix for some reason

    Now I don't see any issue in this because well I could add both Antivirus in my policy and that's it 

    The problem I'm facing and is why I'm opening this thread is that when Clearpass sees the endpoint as Mccaffe endpoint security and I disable the firewall in the Onguard activity it says it's enabled for some reason.  For the endpoints that it sees as Trelix endpoint security, this does not happen.  This is a problem because if the firewall is disabled it won't apply the policy in the endpoints that it sees as Maccafee endpoint security

    Does anyone know how I can fix this?



  • 2.  RE: Onguard Trellix and mccaffe

    Posted Feb 13, 2024 08:56 AM

    Onguard uses an external software component for detection of applications/status.

    You can check in ClearPass under Support Documentation, the OnGuard plugin support.

    Support is updated with each version, as well with the posture updates under Agent and Software Updates.

    If all is updated, and you see wrong detections, you can open a support case and they would need to open a ticket with the external vendor to get this addressed.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------