Cisco Cisco Clean Access 3.5
9-5
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 9 Clean Access Implementation Overview
Clean Access Overview
Clean Access Agent
The Clean Access Agent is read-only, easy-to-use client software that resides on Windows systems and
can check if an application or service is running, whether a registry key exists, or the value of a registry
key. The Agent can ensure that users have necessary software installed (or not installed) to keep their
machines from becoming vulnerable or infected.
can check if an application or service is running, whether a registry key exists, or the value of a registry
key. The Agent can ensure that users have necessary software installed (or not installed) to keep their
machines from becoming vulnerable or infected.
Note
With Clean Access Agent vulnerability assessment, there is no client firewall restriction. The Agent is
able to check the client registry, services, and applications even if a personal firewall is installed and
running.
able to check the client registry, services, and applications even if a personal firewall is installed and
running.
With release 3.5, the Clean Access Agent provides the following support:
•
Version 3.5.x provides built-in AV Rule support for several major antivirus (AV) vendors which
allows it to automatically detect and update AV virus definition files on clients. Each version of the
Agent will provide additional AV rule support in conjunction with updates to the Supported AV
Product List. See
allows it to automatically detect and update AV virus definition files on clients. Each version of the
Agent will provide additional AV rule support in conjunction with updates to the Supported AV
Product List. See
for further details.
•
Version 3.5.1 and above provides auto-upgrade. Once the 3.5.1+ Clean Access Agent is installed on
a client, it can automatically detect, download, and upgrade itself to version 3.5.2 or above.
a client, it can automatically detect, download, and upgrade itself to version 3.5.2 or above.
•
Version 3.5.3 and above (with 3.5.3+ CAM/CAS) provides support for multi-hop L3 in-band
deployments as well as Single Sign-On when Clean Access is integrated with VPN concentrators.
deployments as well as Single Sign-On when Clean Access is integrated with VPN concentrators.
as well as “Integrating
with Cisco VPN Concentrators” in the Cisco Clean Access Server Installation and Administration
Guide.
Guide.
•
Version 3.5.4 and above checks for new Agent auto-upgrade at every login request instead of at
application startup.
application startup.
•
Version 3.5.5 and above (with 3.5.5+ CAM/CAS only) optimizes discovery in multi-hop L3
deployments and installs by default for the current user and all other users on a client PC.
deployments and installs by default for the current user and all other users on a client PC.
•
Version 3.5.7 and below allow logged-in users to remain logged into the network when the machine
is shut down/restarted.
is shut down/restarted.
•
Version 3.5.10 and above (with 3.5.8+ CAM/CAS) makes the option configurable to enable or
disable the Agent logging off the Clean Access network when a user logs off from the Windows
domain or shuts down a Windows machine. This feature does not apply for OOB deployments. The
3.5.10 Agent obsoletes the 3.5.7/35.8./3.5.9 Agents.
disable the Agent logging off the Clean Access network when a user logs off from the Windows
domain or shuts down a Windows machine. This feature does not apply for OOB deployments. The
3.5.10 Agent obsoletes the 3.5.7/35.8./3.5.9 Agents.
•
Version 3.5.11 (with 3.5.9 CAM/CAS) can be run by a restricted user on the local machine (user is
not an administrator or power user). Administrator privileges are still necessary to perform the
initial Agent installation.
not an administrator or power user). Administrator privileges are still necessary to perform the
initial Agent installation.
The Clean Access Agent software is always included as part of the Clean Access Manager software.
When the Clean Access Manager is installed, the Clean Access Agent Setup installation file is already
present and automatically published from the CAM to the CASes. To distribute the Clean Access Agent
to clients, you simply require the use of the Clean Access Agent in the CAM web console for the desired
user role/operating system.
When the Clean Access Manager is installed, the Clean Access Agent Setup installation file is already
present and automatically published from the CAM to the CASes. To distribute the Clean Access Agent
to clients, you simply require the use of the Clean Access Agent in the CAM web console for the desired
user role/operating system.
Once clients have the 3.5.1 or above Clean Access Agent installed, you can configure distribution of
Clean Access Agent Upgrade patches via client auto-upgrade. Along with Cisco checks and rules, AV
product support updates, and default host traffic policies, Agent upgrade patches are retrieved via Clean
Access Agent Updates on the CAM.
Clean Access Agent Upgrade patches via client auto-upgrade. Along with Cisco checks and rules, AV
product support updates, and default host traffic policies, Agent upgrade patches are retrieved via Clean
Access Agent Updates on the CAM.
For complete details on the Agent configuration features mentioned above, see