Re: AntiVirus Enforcement

Tue, 08 Sep 2009 08:12:55 -0700 

Have a look at the 'Configuring Agent Requirements' section of the manual.
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/418/cam/m_agent.html
Create a new AV rule and use ANY as the Antivirus vendor.

You might need an CCO id to view that page.

-Mike


On Tue, 8 Sep 2009, Pete Boynton wrote:


Mike,

Thanks for information. So if I understood what you said all I need are two 
rules to do what I want:

Rule 1: Check and see if they have ANY of the 79 AV products are installed
Rule 2. Check and see if the supported AV product is up to date

Does that seem correct to you?

The documentation I am finding on Cisco's site doesn't seem very up to date and 
is a bit confusing. Have you seen anything out there that might help me get 
started??

Thanks,

Pete
-----Original Message-----
From: Cisco Clean Access Users and Administrators 
[mailto:[email protected]] On Behalf Of Mike Diggins
Sent: Tuesday, September 08, 2009 10:34 AM
To: [email protected]
Subject: Re: AntiVirus Enforcement

On Tue, 8 Sep 2009, Pete Boynton wrote:


Hello,

I am getting ready to deploy a CAS in-band for VPN users coming into our
network. I had a few questions about antivirus that I can't seem to get
answered searching Google.


1.  Can I create a requirement that will check to see if clients have
ANY of the 79 antivirus supported installed and up to date? Or


2.  Do I need to create separate requirements for all 79 antivirus
products?


Short answer but NO, you can use one rule to allow any of the supported AV
products. You can also configure a single rule that only allows the AV
product to be out-of-date by a configurable number of days.



3.  Most of my clients use AVG. How is support for AVG and NAC?


The latest Agents support all current versions of AVG. It does take Cisco
time to catch up to new releases though. That goes for most of the AV
products. Usually an Agent update is required.


-Mike




            _________________________________________

Mike Diggins                            Voice:  905.525.9140 Ext. 27471
Network Analyst, Enterprise Networks    FAX:    905.522.0511
University Technology Services          E-Mail: [email protected]
McMaster University, Hamilton, Ontario

Reply via email to