Re: IE 8

[Isabelle Graham]

It looks like a check for IE8 just posted. You may need to do a manual update 
to see it.

--
Isabelle Graham
Information Security
American University

Jim Thomas wrote:

Or maybe Cisco maintaining a listserv/blog (maybe off Cisco Learning
Network) tied into the BU where they can provide 'roadmap' info and
support. If you have to go to TAC to get details on Cisco questions that
only the BU can answer then a direct line into the BU might be
beneficial when the end result could potentially help out hundreds of
customers. I know some TAC engineers monitor this listserv and some of
the BU but since I've been on here, I've seen a lot of griping regarding
the product line. I haven't heard a lot of response from Cisco. Maybe
there is another avenue that Cisco can provide that might help.

Thanks

Jim

Jim Thomas

Area Networks, Inc.

CCIE Security #16674

CCSP,CCNP,CCDP

jtho...@area-networks.com <mailto:jtho...@area-networks.com>

     Office: 650-242-8050

    Cell: 916-342-2265

From: Cisco Clean Access Users and Administrators
[mailto:cleanacc...@listserv.muohio.edu] On Behalf Of Eric Weakland
Sent: Thursday, April 02, 2009 6:06 AM
To: CLEANACCESS@LISTSERV.MUOHIO.EDU
Subject: Re: IE 8

I've noticed the lack of input.  I suspect Cisco has forbid their folks
from posting useful information to this list anymore.  Unfortunately my

team can't get useful answers from TAC. (STILL!)

I also am a Perfigo early adopter and no longer think Cisco is a viable
alternative in this space.  I've tried for YEARS to try and get them to
see how shoe-horning this product into the router support model doesn't
work, how a product like this needs aggressive support for new
vulnerabilities and changes.  I thought things were going to get better,

but it doesn't look like it.

Cisco- if you're out there, why don't you just admit you don't care
about this product line, and EOS/L it so that we can have more traction
when asking for funds to upgrade to other products?  Or state that it

isn't suited to the Higher-ed market?

I must add that I am glad Perfigo was where it was when we started to
really need it.  Getting CCA implemented across our campus was a real
win from a resource perspective - many fewer viruses.  But this product
has not grown/been supported in a way that makes it viable any more, as

you put so well, Rand.

My team likes Impulse and Juniper's solutions so far.  We're going to
start looking at those soon.  Perhaps we should set up another listserv

somewhere - product independent? Cheers, Eric

Eric Weakland, CISSP, CNE
Director, Information Security

Office of Information Technology American University

eric at american.edu
202.885.2241

______________________________________

AU IT will never ask for your password via e-mail. Don't share your password with anyone!

"Hall, Rand" <r...@merrimack.edu> Sent by: Cisco Clean Access Users and Administrators <CLEANACCESS@LISTSERV.MUOHIO.EDU> 04/02/2009 08:50 AM

Please respond to
Cisco Clean Access Users and Administrators
<CLEANACCESS@LISTSERV.MUOHIO.EDU>

To

CLEANACCESS@LISTSERV.MUOHIO.EDU

cc

        
Subject

Re: IE 8

                




Anyone notice the recent dearth of Cisco input on this list? I find that
troubling.

Direct quotes on the list last fall from a Cisco support person (name
omitted because he's innocent):

"Word from the BU is that they will only update from Microsoft once a
month, so this one will not go into the checks and rule set until next
months Patch Tuesday release."

"All I can say is that myself and some of my colleagues did put some pressure on to add this in. I know we sound like a broken record when we

say this, but I would strongly encourage anyone who is unhappy about this to tell their account teams and have them put pressure on from their side as well."

So, this will be at least the third time in six months that Cisco's
shrugging ambivalence has made their product ineffective.

In October, Microsoft issued a critical out-of-band patch for which
Cisco would not create checks.

In November, Cisco botched an update which ultimately prevented access
to the aforementioned and now long-awaited out-of-band patch check.

And now, IE8.

The first two times I followed the prescribed advice and ran my concern
up through my account team...and heard nothing.

Unfortunately, I think I'm going to be forced to return the favor. I'm
one of the original Perfigo people who's got the end of life software.
When the Cisco NAC RFQ line doesn't this summer ring they'll know it was
me.

So, Bruce, how do you like Bradford?

Cheers,
Rand

--
Rand P. Hall * Director, Network Services
Merrimack College * SunGard Higher Education
315 Turnpike Street, North Andover MA 01845 * Tel 978-837-5000
Fax 978-837-5383 * rand.h...@merrimack.edu * www.sungardhe.com

CONFIDENTIALITY:  This e-mail (including any attachments) may contain
confidential, proprietary and privileged information, and unauthorized
disclosure or use is prohibited.  If you received this e-mail in error,
please notify the sender and delete this e-mail from your system.


-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:cleanacc...@listserv.muohio.edu] On Behalf Of Osborne, Bruce W.
(NS)
Sent: Thursday, April 02, 2009 7:26 AM
To: CLEANACCESS@LISTSERV.MUOHIO.EDU
Subject: Re: IE 8

Rob,

That is correct.  You have to update each OS rule. Rinse & repeat after
every "Patch Tuesday" update.

Bruce

-----Original Message-----

From: Robert J. Rutkowski [mailto:robert.rutkow...@keystone.edu] Sent: Wednesday, April 01, 2009 6:09 PM

Subject: Re: IE 8

Correct me if I'm wrong please.. In order to use this manually created
check, if I don't have any other manual checks incorporated into my
hotfix rules, then I need to make copies of every hotfix rule (XP, XP
MCE, XP Tablet, Vista Basic, Vista Home Premium, etc...) and add this
check as an OR for the IE area to all of my copies, and then enable them
for the Requirement. This is the way I understood it, I could very well
be incorrect though. It seems like a lot of work just to tell it to

allow IE8.

Also, if that's what needs to be done, then why can't Cisco simply
update their hotfix rules for everyone? It's sad that they would tell
you how to manually do a workaround, but not just do it themselves...

Rob



-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:cleanacc...@listserv.muohio.edu] On Behalf Of Roberto Montoya
Sent: Wednesday, April 01, 2009 2:06 PM
To: CLEANACCESS@LISTSERV.MUOHIO.EDU
Subject: Re: IE 8

This is what we got on a case that we opened.

"For now we will have to create a custom check until the next agent
version download has been released. Here is an outline for the customer
check that you can put in place:

   Check Category - Registry Check
   Check Type - Registry Value
   Registry Key - HLKM\SOFTWARE\Microsoft\Internet Explorer\
   Value Name - Version
   Value Data Type - String
   Operator - starts with
   Value Data - 8.0

For now we are expecting support for IE8 within the next two weeks.
Right now there is a bug for this issue and is listed below:
Bug ID: CSCsy62611"


HTH,

-Roberto



-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:cleanacc...@listserv.muohio.edu] On Behalf Of Terry Mitchell
Sent: Wednesday, April 01, 2009 9:52 AM
To: CLEANACCESS@LISTSERV.MUOHIO.EDU
Subject: Re: IE 8

Anyone from Cisco/NAC team willing provide an estimate for IE8 support
(days, weeks or months?). It doesn't have to be carved in stone, but a
ballpark estimate would be most useful for planning and support

purposes.

Thanks in advance.

Terry