If Clean Access can check the definition by version, it will use that first. I believe it only uses the date if it does not check the version.
Bruce Osborne Liberty University From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Chris T. Healey Sent: Tuesday, September 23, 2008 4:10 PM To: [email protected] Subject: [CLEANACCESS] Extremely Strange AV Issue - HELP Ok I am going to try the group before TAC as this is an extremely strange problem. I have a requirement for all groups called AVSignaturesCurrent-ForAll it has worked fine for a year or so and as its name implies it is for all users to see if their AV signatures are current (by current I mean no older than 14 days from the latest file date). The problem is that I have one student whose laptop running CCA agent 4.1.3.0 (and now 4.1.3.1) fails that check yet her definition files are dated properly. Everything was fine one day and then the next login it was not yet the signature files were unchanged and less than 14 days old. The 11th all was well: Client AV Info Product ID: NortonAV Product Name: Symantec AntiVirus Product Version: 10.1.5.5000 Virus Definition File Version: 9/5/2008 rev. 6 Virus Definition File Date: 9/5/2008 The next day, the 12th, this failed and it should have been OK until the 19th. I have worked on this quite a bit and after my help desk elevated it to me being just as stumped. I have several test that should result in would be valid AV dated signatures yet they are marked as failed. I have uninstalled the CCA Agent and reinstalled, even with an older 3.x version to then let it upgrade. I uninstalled the Symantec and reinstalled and even once did not let it update so that the server will see the 2006 signature files that are on the install CD: Client AV Info Product ID: NortonAV Product Name: Symantec AntiVirus Product Version: 10.1.5.5000 Virus Definition File Version: 9/8/2006 rev. 41 Virus Definition File Date: 9/8/2006 As expected this failed but when I let it update and the server reported the new signature date . . . it still failed!?!?!? - I even uninstalled and installed AVG 7, let it update and then tried again and no luck: Client AV Info Product ID: GrisoftAV Product Name: AVG 7.5 Product Version: 7.5.516 Virus Definition File Version: 270.7.1 Virus Definition File Date: 9/23/2008 7:38:00 AM What is going on? Has anyone encountered this? Does anyone have any ideas? I am not opposed to changing my rule but I wonder why this one student is the only one? Why are there not more if the problem is the rule? I did an export with text for 100 lines with a filter by that requirement and a failed status and I cannot see anyone else with Symantec and current dated signature files - I will again go through that export again and look at other AV software but if there was a wider problem then I would imagine that I would have more people at the help desk window. Thanks Chris ___________________________________ Chris Healey Capital University Office of Information Technology 1 College and Main Columbus, OH 43209-2394 614-236-6964 Email: [EMAIL PROTECTED] ___________________________________ "We are what we repeatedly do. Excellence, then, is not an act, but a habit." -Aristotle ___________________________________
