Security

Hello

Before starting, Mccaffe has a fusion with another company and after the fusion the name became Trellix

I configured on guard on this Clearpass but it seems on the Onguard activity that in some endpoints It detects the software as Mccaffe endpoint security and in others Trellix endpoint security for some reason I could see this on the Onguard activity

for example, I have 2 computers 

I go to one and I see Trellix and I see the version which is version X

I go to the other computer where I see Trellix again and I see the same version X

but in the Onguard I see in one as Mccaffe and in the other, I see Trellix for some reason

Now I don't see any issue in this because well I could add both Antivirus in my policy and that's it 

The problem I'm facing and is why I'm opening this thread is that when Clearpass sees the endpoint as Mccaffe endpoint security and I disable the firewall in the Onguard activity it says it's enabled for some reason.  For the endpoints that it sees as Trelix endpoint security, this does not happen.  This is a problem because if the firewall is disabled it won't apply the policy in the endpoints that it sees as Maccafee endpoint security

Does anyone know how I can fix this?

Onguard uses an external software component for detection of applications/status.

You can check in ClearPass under Support Documentation, the OnGuard plugin support.

Support is updated with each version, as well with the posture updates under Agent and Software Updates.

If all is updated, and you see wrong detections, you can open a support case and they would need to open a ticket with the external vendor to get this addressed.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Feb 02, 2024 01:48 PM
From: cdelarosa
Subject: Onguard Trellix and mccaffe

Hello

Before starting, Mccaffe has a fusion with another company and after the fusion the name became Trellix

I configured on guard on this Clearpass but it seems on the Onguard activity that in some endpoints It detects the software as Mccaffe endpoint security and in others Trellix endpoint security for some reason I could see this on the Onguard activity

for example, I have 2 computers 

I go to one and I see Trellix and I see the version which is version X

I go to the other computer where I see Trellix again and I see the same version X

but in the Onguard I see in one as Mccaffe and in the other, I see Trellix for some reason

Now I don't see any issue in this because well I could add both Antivirus in my policy and that's it 

The problem I'm facing and is why I'm opening this thread is that when Clearpass sees the endpoint as Mccaffe endpoint security and I disable the firewall in the Onguard activity it says it's enabled for some reason.  For the endpoints that it sees as Trelix endpoint security, this does not happen.  This is a problem because if the firewall is disabled it won't apply the policy in the endpoints that it sees as Maccafee endpoint security

Does anyone know how I can fix this?