Often people have questions on Clearpass Onguard like what firewalls and anti-virus softwares are supported? What P2P apps do we detect? etc. And which of these do we support auto-remediation for? For example, which firewalls can Onguard enable for the user automatically if the administrator has set a policy for it to be enabled. etc. This article will answer these questions.
For a complete list of supported third-party products and auto-remediation actions, go to the following page in your Clearpass server: Administration > Agents and Software Updates > OnGuard Settings. Next, click the Help link on the top right, and then click the OnGuard Agent Support Charts link.
Here are some screenshots:
The meanings of fields/columns in Support Charts and which of them is auto-remediation action is listed below:
Common Attributes
| Attribute Name | Description |
| Product_Name | Product Name |
| Version | Product Version |
AntiVirus/AntiSpyware
| Attribute Name | Description | Auto-Remediation Action |
| GetDataFileTime | Retrieve the last modification time of the current definition/pattern file used by the Antivirus product | No |
| GetDataFileVersion | Retrieve the current version of the definition/pattern file used by the Antivirus product | No |
| EngineVersion | Retrieve the version of the Antivirus' scanning engine | No |
| Check RTP | Retrieve the state of the Real-Time Protection (RTP) of the Antivirus product | No |
| LiveUpdate | Update the Antivirus product (Dat File, Engine Version etc.) | Yes |
| Sync/Async Update | Not Used |
| SetRTP | Enable/disable the Real-Time Protection (RTP) of the Antivirus product | Yes |
| LastScanTime | Retrieve the date and time of the last completed full system scan ran on the endpoint by the Antivirus product | No |
| FullSystemScan | Launch a full system scan for the Antivirus product | Yes |
| GetVirusDefServ | Full System Scan In Progress | No |
| IsFullScanInProg | Check if the Antivirus product is currently running a full system scan | No |
DiskEncryption
| Attribute Name | Description | Auto-Remediation Action |
| GetLocations | Retrieve list of encrypted locations | No |
| GetEncState | Retrieve encryption state of location (drive) | No |
Firewall
| Attribute Name | Description | Auto-Remediation Action |
| IsEnabled | Retrieve Firewall State (enabled/disabled) | No |
| TurnOn | Enable the Firewal | Yes |
| TurnOff | Disable the Firewall | Yes |
P2P
| Attribute Name | Description | Auto-Remediation Action |
| IsRunning | Retrieve running state of P2P application | No |
| Terminate | Terminate running P2P application | Yes |
Patch Management
| Attribute Name | Description | Auto-Remediation Action |
| IsEnabled | Check if Patch agent is enabled or not | No |
| Enable | Set Patch Agent to enabled state | Yes |
| ListMissing | Detect missing patches | No |
| InstallMissing | Install Missing Patches | Yes |
Virtual Machine
| Attribute Name | Description | Auto-Remediation Action |
| EnumerateVMs | Enumerate Virtual Machines on the system | No |
| GetVMInformation | Get extended information of a virtual machine (Name, Path, OS Version etc.) | No |
| PauseVM | Pause the running Virtual Machine | Yes |
| StopVM | Stop the running Virtual Machine | Yes |
| GetHypervisorType | Retrieve Hypervisor Type of Virtual Machine | No |
Meaning of value fields:
V - Implemented
O - Not Supported
X - Not Implemented
Z - Implemented on Windows with Security Center (WMI) available