Specifications

9-50

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment

Configuring Agent-Based Posture Assessment

Figure 9-19 New AV Rules Appear at the Bottom of the Rule List—Mac OS X Example

Note When configuring AV Rules, the “ANY” Antivirus vendor option and the vendor-specific “ANY

Product/ANY Version” option work differently:

• For ANY vendor, the Agent needs to query the server to verify whether the installed products are

from a supported vendor. Because the Agent only queries once at the beginning of each login

session, the user must click Cancel or restart the Agent to repeat the login process in order to refresh

the server's response.

• For “ANY Product/ANY Version” for a specific vendor, the Agent only needs to match the required

vendor against what is installed on the client machine. No query is needed.

Create an AV Definition Update Requirement

The following steps show how to create a new AV Definition Update requirement to check the client

system for the specified AV product(s) and version(s) using an associated AV Rule. If the client’s AV

definition files are not up-to-date, the user can simply click the Update/Remediate button on the Agent,

and the Agent causes the resident AV software launch its own update mechanism. Note that the actual

mechanism differs for different AV products (e.g. live update vs.command line parameter).

Note The Cisco NAC Web Agent only supports Go To Link manual remediation and File Distribution

functionality. Cisco NAC Web Agent does not support Update or Launch remediation actions, nor does

it perform Auto Remediation.