Specifications
9-57
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment
Configuring Agent-Based Posture Assessment
b. If you configure the requirement to use automatic remediation, specify the Interval in seconds (the
default interval is 0). Depending on the requirement type, this interval either sets the delay before
the Agent re-attempts remediation or sets the total time allowed for a particular remediation process.
c. Enter the Retry Count []. Specifying a retry count sets a limit on the number of times the Agent
automatically retries the requirement if it initially fails. (The default retry count setting is 0.)
For details on configuring Auto Remediation, see Configuring Auto Remediation for Requirements,
page 9-98.
Note The Cisco NAC Web Agent does not support Auto Remediation.
Step 6 Choose an Anti-Spyware Vendor Name from the dropdown menu or choose ANY. The Products table
lists all the spyware definition product versions currently supported per client OS.
Note Cisco recommends specifying vendor names when appropriate because choosing the ANY option can
affect the Agent’s performance (the process takes longer) on the client machine.
Step 7 For the Requirement Name, type a unique name to identify this AS definition file requirement in the
Agent. The name will be visible to users on the Agent dialogs.
Step 8 In the Description field, type a description of the requirement and instructions to guide users who fail
to meet the requirement. For an AS Definition Update requirement, you should include an instruction
alerting Cisco NAC Web Agent users of the requirement and for Cisco NAC Agent users to click the
Update/Remediate button to update their systems.
Note Some of the default user messages in the Agent dialogs are very similar between various rules and/or
requirements. To ensure the user clearly understands the remediation issue at hand, Cisco strongly
recommends providing an appropriate message in this field describing the nature and purpose of the
given function.
Step 9 Click the checkbox for at least one client Operating System (at least one must be chosen).
Step 10 Click Add Requirement to add the requirement to the Requirement List.
Configuring a Windows Server Update Services Requirement
The Agent “Windows Server Update Services” requirement type allows administrators to launch
Windows Server Update Services (WSUS) on Agent user machines based on the following:
• Cisco Rules (e.g. pr_<Windows operating system>_hotfixes) and/or administrator-configured
custom rules for a specific Windows operating system
• Windows Update severity checks
If you choose to validate Windows client machines using “Cisco Rules,” you must also map the WSUS
requirement to one or more rules in the CAM. You can choose to map the requirement to existing Cisco
(pr_hotfix) rules or to custom rules you create to ensure client machines meet specific criteria before
granting access to the Cisco NAC Appliance network. Because external server access is not required,