Often people have questions on Clearpass Onguard like what firewalls and anti-virus softwares are supported? What P2P apps do we detect? etc. And which of these do we support auto-remediation for? For example, which firewalls can Onguard enable for the user automatically if the administrator has set a policy for it to be enabled. etc. This article will answer these questions.
For a complete list of supported third-party products and auto-remediation actions, go to the following page in your Clearpass server: Administration > Agents and Software Updates > OnGuard Settings. Next, click the Help link on the top right, and then click the OnGuard Agent Support Charts link.
Here are some screenshots:
The meanings of fields/columns in Support Charts and which of them is auto-remediation action is listed below:
Common Attributes
Attribute Name | Description |
Product_Name | Product Name |
Version | Product Version |
AntiVirus/AntiSpyware
Attribute Name | Description | Auto-Remediation Action |
GetDataFileTime | Retrieve the last modification time of the current definition/pattern file used by the Antivirus product | No |
GetDataFileVersion | Retrieve the current version of the definition/pattern file used by the Antivirus product | No |
EngineVersion | Retrieve the version of the Antivirus' scanning engine | No |
Check RTP | Retrieve the state of the Real-Time Protection (RTP) of the Antivirus product | No |
LiveUpdate | Update the Antivirus product (Dat File, Engine Version etc.) | Yes |
Sync/Async Update | Not Used |
SetRTP | Enable/disable the Real-Time Protection (RTP) of the Antivirus product | Yes |
LastScanTime | Retrieve the date and time of the last completed full system scan ran on the endpoint by the Antivirus product | No |
FullSystemScan | Launch a full system scan for the Antivirus product | Yes |
GetVirusDefServ | Full System Scan In Progress | No |
IsFullScanInProg | Check if the Antivirus product is currently running a full system scan | No |
DiskEncryption
Attribute Name | Description | Auto-Remediation Action |
GetLocations | Retrieve list of encrypted locations | No |
GetEncState | Retrieve encryption state of location (drive) | No |
Firewall
Attribute Name | Description | Auto-Remediation Action |
IsEnabled | Retrieve Firewall State (enabled/disabled) | No |
TurnOn | Enable the Firewal | Yes |
TurnOff | Disable the Firewall | Yes |
P2P
Attribute Name | Description | Auto-Remediation Action |
IsRunning | Retrieve running state of P2P application | No |
Terminate | Terminate running P2P application | Yes |
Patch Management
Attribute Name | Description | Auto-Remediation Action |
IsEnabled | Check if Patch agent is enabled or not | No |
Enable | Set Patch Agent to enabled state | Yes |
ListMissing | Detect missing patches | No |
InstallMissing | Install Missing Patches | Yes |
Virtual Machine
Attribute Name | Description | Auto-Remediation Action |
EnumerateVMs | Enumerate Virtual Machines on the system | No |
GetVMInformation | Get extended information of a virtual machine (Name, Path, OS Version etc.) | No |
PauseVM | Pause the running Virtual Machine | Yes |
StopVM | Stop the running Virtual Machine | Yes |
GetHypervisorType | Retrieve Hypervisor Type of Virtual Machine | No |
Meaning of value fields:
V - Implemented
O - Not Supported
X - Not Implemented
Z - Implemented on Windows with Security Center (WMI) available