Security

I'm new to ClearPass and am learning on a new install. Please forgive my ignorance. For BYOD Windows and Macintosh devices, we use the OnGuard persistent agent. A user with a Windows device claims he has updated with all the updates, rebooted, and everything shows as green in his security settings. But, OnGuard shows that his anti-virus needs to be updated. His system has been healthy before and I assume some update needs to be installed. Is there a way in the short term to override the quarantine status until we can figure out what is going on with his system or OnGuard?

Thanks,

Robert

Hi,

You need to check the cleint Health-Check/WebAuth request in the ClearPass access tracker to determine the actual reason for quarantine token.

If it is AntiVirus version, then you may modify the posture policy assigned to the Helath-Check/WebAuth service and set the AntiVirus >> Product version check to "In Last N Updates" Value "5" or more.

Please work with TAC if the above change doesn't help.

Thanks.

This is where it is unhealthy. Posture:WindowsUniversal:AntiVirus UNHEALTHY

This are the AntiVirus settings: 

Can you attache the dashboard details (Access Tracker export) of the WebAuth/Health-check?

Thanks for the response. I've attached these to the case 5332199436. Can you access them there?

We have another device that appears to have a newer version of McAfee Antivirus that apparently isn't support by our Clearpass server. I'd like to whitelist this device so the student can access the net.

As a soltuion to the original questions, TAC is suggesting creating a static hosts list to use as an authentication source and adding enforcement profile rules for devices that OnGuard is having issues with. TAC is scheduled to work with me on that this afternoon. 

What TAC ended up doing is making a Static Host List where the MAC address of the host was added. An Enforcement rule was added before the posture check. This seems to work.