Guest

Preview Tool

Cisco Bug: CSCvu30313 - ISEComplianceModule 4.3.1250.6145 does not pull date on definition check for Sophos Antivirus

Last Modified

Jul 22, 2020

Products (1)

  • Cisco AnyConnect Secure Mobility Client

Known Affected Releases

4.7(5199)

Description (partial)

Symptom:
Vendors in the customer's environment are failing posture checks, as a result they cannot gain access to the customer's network.


When customers run Sophos Antivirus while using ISEComplianceModule 4.3.1250.6145 (latest version) the compliance module does not check Sophos for an updated date when running definition checks to inspect allow antivirus to be 15 days older than latest file date.

See logs below ISECoplianceModule cannot pull dates for Sophos Antivirus

[Thu May 14 14:51:47.795 2020][aciseposture]Function: CheckOpswat::checkOpswatDefDate Thread Id: 0x5C0 File: C:\temp\build\thehoff\Mera_fcs0.929103249297\Mera_fcs\posture\ise\libposture\CheckOpswat.cpp Line: 482 Level: debug :AM product 2884 found
[Thu May 14 14:51:47.795 2020][aciseposture]Function: CheckOpswat::checkOpswatDefDate Thread Id: 0x5C0 File: C:\temp\build\thehoff\Mera_fcs0.929103249297\Mera_fcs\posture\ise\libposture\CheckOpswat.cpp Line: 509 Level: debug :virus definition date check for: 2884, date to check: 05/13/2020, date found: 0, days older: 15, result of check: needs update



[Thu May 14 16:04:11.072 2020][aciseposture]Function: CheckOpswat::checkOpswatDefDate Thread Id: 0x2670 File: C:\temp\build\thehoff\Mera_fcs0.929103249297\Mera_fcs\posture\ise\libposture\CheckOpswat.cpp Line: 482 Level: debug :AM product 2884 found
[Thu May 14 16:04:11.072 2020][aciseposture]Function: CheckOpswat::checkOpswatDefDate Thread Id: 0x2670 File: C:\temp\build\thehoff\Mera_fcs0.929103249297\Mera_fcs\posture\ise\libposture\CheckOpswat.cpp Line: 509 Level: debug :virus definition date check for: 2884, date to check: 05/13/2020, date found: 0, days older: 15, result of check: needs update

Conditions:
The problem happens when customer is using ISEComplianceModule 4.3.1250.6145
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.