Guest

Preview Tool

Cisco Bug: CSCvu90915 - Hostscan not detecting Crowdstrike version 5.x

Last Modified

Sep 30, 2020

Products (1)

  • Cisco AnyConnect Secure Mobility Client

Known Affected Releases

4.8(2045) 4.9(2000)

Description (partial)

Symptom:
ISE (2.6 patch 6) posture policy to search for CrowdStrike Falcon (tried both only 5.x and "ANY").  When a user connects to our VPN with AC 4.8.2042, compliance module 4.3.1250.6145, Falcon is not detected as installed on the endpoint.  ISE shows the associated condition as "failed," and AC does not show CrowdStrike in the "security products" tab of system scan.

Per the documentation, it should be supporting the versions tested but does not appear to be detected.

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect48/hostscan/HostScan_Version_4_8_03052_Antimalware_and_Firewall_Support_Charts.html

Cisco AnyConnect HostScan Antimalware - Compliance Module v4.3.1250.0 for Windows:
CrowdStrike Falcon - 5.10.9106.0
CrowdStrike Falcon - 5.14.9504.0
CrowdStrike Falcon - 5.26.10806.0
----------------------------------
OPSWAT engine version for Windows        4.3.1250.0
OPSWAT engine version for macOS          4.3.1151.0

Conditions:
It appears that Crowdstrike isn't being detected on AC 4.8.02042 with ISECompliance: 4.3.1250.6145 & 4.9.00086 with ISECompliance:4.3.1280.6145

Crowdstrike 5.x tested and seeing issue:
5.32.11404
5.31.11304
5.26.10806
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.