Cisco Cisco Clean Access 3.5
11-16
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 11 Clean Access Agent
Retrieve Updates
Retrieve Updates
A variety of updates are available from the Cisco Clean Access Updates server, available under Device
Management > Clean Access > Clean Access Agent > Updates. You can perform t updates manually
as desired or schedule them to be performed automatically:
Management > Clean Access > Clean Access Agent > Updates. You can perform t updates manually
as desired or schedule them to be performed automatically:
•
Cisco Checks and Rules
Cisco provides a variety of pre-configured rules (“pr_”) and checks (“pc_”) for standard client
checks such as hotfixes, Windows update, and various antivirus software packages. Cisco checks
and rules are a convenient starting point for manually creating your own custom checks and rules.
checks such as hotfixes, Windows update, and various antivirus software packages. Cisco checks
and rules are a convenient starting point for manually creating your own custom checks and rules.
•
Clean Access Agent Upgrade
With release 3.5.1 and above (CAM, CAS, Agent), Agent upgrade patches can be automatically
downloaded to the CAM, pushed to the CAS, and downloaded and installed on the client. See
downloaded to the CAM, pushed to the CAS, and downloaded and installed on the client. See
for details.
•
Supported Antivirus Product List
This list is a versioned XML file distributed from a centralized update server that provides the most
current matrix of supported AV vendors and product versions used to configure AV Definition
Update requirements and AV Rules. This AV list is updated regularly to add product support. For
details on products and versions supported, see Device Management > Clean Access > Clean
Access Agent > Rules > Agent-AV Support Info, or see the “Cisco Clean Access Supported
Antivirus Product Charts” in the release notes
(
current matrix of supported AV vendors and product versions used to configure AV Definition
Update requirements and AV Rules. This AV list is updated regularly to add product support. For
details on products and versions supported, see Device Management > Clean Access > Clean
Access Agent > Rules > Agent-AV Support Info, or see the “Cisco Clean Access Supported
Antivirus Product Charts” in the release notes
(
)
•
Default Host Policies
With release 3.5(5) and above, Cisco Clean Access provides automatic updates for the default
host-based policies (for Unauthenticated, Temporary, and Quarantine roles). Note that Default
Allowed Hosts are disabled by default, and must be enabled for each role under User Management
> User Roles > Traffic Control > Hosts. See
host-based policies (for Unauthenticated, Temporary, and Quarantine roles). Note that Default
Allowed Hosts are disabled by default, and must be enabled for each role under User Management
> User Roles > Traffic Control > Hosts. See
for details.
Note
•
For 3.5(x), if you have auto-updates enabled on your CAM, and have downloaded the latest version
of the Supported AV Product List prior to downloading the corresponding version of the CCA Agent
Upgrade Patch, make sure to perform a Clean Update to enable the latest product support for that
version of the Agent.
of the Supported AV Product List prior to downloading the corresponding version of the CCA Agent
Upgrade Patch, make sure to perform a Clean Update to enable the latest product support for that
version of the Agent.
•
To ensure Cisco Clean Access always checks for the latest Microsoft Windows hotfixes, always get
the latest Updates of Cisco Checks and Rules (by Clean Update if necessary) and make sure the
appropriate host-based traffic policies are in place (see
the latest Updates of Cisco Checks and Rules (by Clean Update if necessary) and make sure the
appropriate host-based traffic policies are in place (see
for details.)
•
When you upgrade your CAM/CAS to the latest release of Cisco Clean Access, all Perfigo/Cisco
pre-configured checks/ rules will be automatically upgraded. However, manually-created rules
which look for specific names (e.g. “SmartEnforcer.exe”) may need to be checked and fixed
manually.
pre-configured checks/ rules will be automatically upgraded. However, manually-created rules
which look for specific names (e.g. “SmartEnforcer.exe”) may need to be checked and fixed
manually.