Specifications

ManualsBrandsHP ManualsComputer equipment3350 - Cisco NAC Appliance

371

372

373

374

375

376

377

378

379

380

9-73

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment

Configuring Agent-Based Posture Assessment

Custom Checks

A check is a condition statement that examines a feature of the client system, such as a file, registry key,

service, or application. Table 9-14 lists the types of custom checks available and what they test.

Cisco Pre-Configured Checks (“pc_”)

Pre-configured checks have a prefix of “pc” in their names (for example, pc_Hotfix828035) and are

listed under Device Management > Clean Access > Clean Access Agent > Rules > Check List.

Using Pre-Configured Rules to Check for CSA

You can use Cisco pre-configured rules to create an Agent requirement that checks if the Cisco Security

Agent (CSA) is already installed and/or running on a client. To do this:

1. Create a new Link Distribution or File Distribution requirement (for Windows 8.1/8/7/Vista/XP).

2. Associate the requirement to one or both of the following rules (for Windows 8.1/8/7/Vista/XP):

–

pr_CSA_Agent_Version_5_0

–

pr_CSA_Agent_Service_Running

3. Associate the requirement to the user role(s) for which it will apply.

Note See Configuration Summary, page 9-73 for further details on creating custom requirements (using either

pre-configured or custom rules).

Copying Checks and Rules

Note that pre-configured rules and checks are not editable, but can serve as templates. To modify a

non-editable check or a rule, make a copy of it first by clicking the corresponding Copy icon. Copies of

checks are added to the bottom of the Check List, in the form

copy_of_checkname. Copies of rules are

added to the bottom of the Rules List, in the form

copy_of_rulename. Click the corresponding Edit icon

to bring up the Edit form to modify the check or rule. The edited checks and rules can then be configured

and associated to requirements and roles as described in the following sections.

Ta b l e 9 - 1 4 C h e c k s

Check Category Check Type

Registry check

• whether or not a registry key exists

• registry key value, version, or modification date

File Check

• whether or not a file exists

• date of modification or creation

• file version

Service check

• whether or not a service is running

Application check

• whether or not an application is running