IAG Remediation

  • General discussion

  • Hi All! Thanks to the MS team for starting this forum!

    I am curious to know about what remediation options IAG has to offer. It seems to me that, with endpoint detection, you either pass or fail and that's it. What if I want to notify a user that he hasn't passed the check, but still let him in and report on it?

    What if a user doesn't pass inspection, but then we want to send them somewhere like a virtualized area so they don't compromise production systems?

    Is there a way to take some action after endpoint detection finishes like showing a popup box or redirecting the user in some way? If so, how?
    Tuesday, June 9, 2009 6:13 PM

All replies

  • Hi Amigo. IAG doesn't implement remediation in a similar way as NAP can do. But this doesn't mean that you can't do the kind of things that you mention in your post. IAG works with access policies. This means your access to e.g. an application (access policies can be applied to other elements like the portal or actions in web applications) is not allowed because you are not running an updated antivirus. The access to the application will be grayed or invisible, but you can define an alternative application whose access policy is just "allow access if out-of-date antivirus". This way you are somehow offering the remediation access by allowing alternate applications when the endpoint doesn't comply with the access policy. Obviously this is not as straightforward as ticking a checkbox saying "non compliant redirected to: " but the good news is that it can still be done.

    Hope it helps

    // Raúl

    I love this game
    Tuesday, June 9, 2009 8:06 PM
  • Raul, 

    Thank you very much for this response. It does help as I never thought about using essentially "negative policies" to control access like "if you DON'T have AV" or something like that. 

    At any rate, I am still really curious about whether or not there are hooks available to change functionality based on endpoint detection. Does anyone out there know? Also, what if I have a policy that has multiple custom checks like checking for AV, DNS Domain, Anti-Spyware, and Firewall in one policy, and the user fails one? Is there any way to let the user know exactly which one failed as opposed to just showing them the default message that you enter when creating the policy?

    Endpoint detection is a huge area of which I have only the tip of the iceberg, I think. 

    Thanks all!
    Wednesday, June 10, 2009 12:39 AM
  • Hi Amigo. That is a question that all of us who work with IAG have asked at some moment :)

    The matter is that it can potentially be done but there is no easy way to do it. I mean, IAG is an open-wide platform that can be almost fully customized, so provided that you know the variables that handle the endpoint detection results and how to retrieve them programmatically, you could write some code that informs the user in a more granular way. I would like to add some example code but I don't have it. Sorry for that.

    If you think the responses are useful, please "vote as helpful"

    Regards

    // Raúl

    I love this game
    Wednesday, June 10, 2009 8:06 AM
  • Yep! That is typically my response as well. "I'm sure there's SOME way to do it, but exactly how? I wouldn't pretend to know without digging through the files and really getting in there." If I find out anything, I will be sure to post it. I would really like to experiment with this given enough time =) 
    Wednesday, June 10, 2009 1:40 PM
  • Hi Everyone,

    To find the variables for a policy, I suggest you analyse the page in the monitor.
    For example, the last tab shown when you select a SessionID lets you visualize all the variables.

    There is also this file: C:\Whale-Com\e-Gap\von\InternalSite\inc\PolicyEvaluationScript.inc

    Good play,
    Alex



    GIRAUD Alexandre - MVP Forefront France - http://www.alexgiraud.net/blog
    Wednesday, June 10, 2009 7:26 PM