9-42
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment
Configuring Agent-Based Posture Assessment

Note: The Cisco NAC Web Agent supports only Go To Link manual remediation and File Distribution
functionality. The Cisco NAC Web Agent does not support Update or Launch remediation actions, nor does
it perform Auto Remediation.

AV Rules incorporate extensive logic for antivirus vendors and are associated with AV Definition Update
requirements. AS Rules incorporate logic for most antispyware vendors and are associated with AS
Definition Update requirements. For AV or AS Definition Update requirements, there is no need to
configure checks. You associate:
• AV Definition Update requirement with AV Rule(s) and user roles and operating systems
• AS Definition Update requirement with AS Rule(s) and user roles and operating systems
and configure the Agent dialog instructions you want the user to see if the AV or AS requirement fails.

Note: Where possible, Cisco recommends using AV Rules mapped to AV Definition Update Requirements to
check antivirus software on clients. If an AV product is not supported, or if an AV
product/version is not available through AV Rules, administrators always have the option of using
Cisco-provided pc_ checks and pr_ rules for the antivirus vendor, or of creating their own custom checks, rules,
and requirements through Device Management > Clean Access > Clean Access Agent (use New
Check, New Rule, and New File/Link/Local Check Requirement), as described in Configuring Custom
Checks, Rules, and Requirements, page 9-70.

Cisco NAC Appliance works in tandem with the installation schemes and mechanisms provided by
supported antivirus vendors. In the case of unforeseen changes to underlying mechanisms for AV
products by AV vendors, the Clean Access team updates the Supported AV/AS Product List and/or Agent
in the timeliest manner possible in order to support the new AV product changes. In the meantime,
administrators can always use the “custom” rule workaround for the AV product (such as pc_checks/pr_rules)
and configure the requirement for “Any selected rule succeeds.”

Figure 9-11 and Figure 9-12 show Agent dialogs that appear when a client fails to meet an AV Definition
Update requirement.

Figure 9-11 Required AV Definition Update (Cisco NAC Agent)