Cisco Cisco NAC Appliance 4.1.0
12-8
Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide
OL-12214-01
Chapter 12 Configuring Clean Access Agent Requirements
Create Clean Access Agent Requirements
–
pr_2K_Hotfixes (Win 2000)
Note that all rules are listed under Device Management > Clean Access > Clean Access Agent >
Rules > Rule List.
Rules > Rule List.
7.
Click Update to complete the mapping.
Step 5
Continue to the next steps—
and
—to complete the configuration.
Configuring AV/AS Definition Update Requirements
The AV Definition Update and AS Definition Update requirement type can be used to update the
definition files on a client for supported antivirus or antispyware products. If the client fails to meet the
AV/AS requirement, the Clean Access Agent communicates directly with the installed antivirus or
antispyware software on the client and automatically updates the definition files when the user clicks the
Update button on the Agent dialog.
definition files on a client for supported antivirus or antispyware products. If the client fails to meet the
AV/AS requirement, the Clean Access Agent communicates directly with the installed antivirus or
antispyware software on the client and automatically updates the definition files when the user clicks the
Update button on the Agent dialog.
AV Rules incorporate extensive logic for 24 antivirus vendors and are associated with AV Definition
Update requirements. AS Rules incorporate logic for 17 antispyware vendors and are associated with AS
Definition Update requirements. For AV or AS Definition Update requirements, the configuration is
similar to that of custom requirements, except there is no need to configure checks. You associate:
Update requirements. AS Rules incorporate logic for 17 antispyware vendors and are associated with AS
Definition Update requirements. For AV or AS Definition Update requirements, the configuration is
similar to that of custom requirements, except there is no need to configure checks. You associate:
•
AV Definition Update requirement with AV Rule(s) and user roles and operating systems
•
AS Definition Update requirement with AS Rule(s) and user roles and operating systems
and configure the Clean Access Agent dialog instructions you want the user to see if the AV or AS
requirement fails.
requirement fails.
Note
Where possible, it is recommended to use AV Rules mapped to AV Definition Update Requirements to
check antivirus software on clients. In the case of a non-supported AV product, or if an AV
product/version is not available through AV Rules, administrators always have the option of using Cisco
provided pc_ checks and pr_rules for the AntiVirus vendor or of creating their own custom checks, rules,
and requirements through Device Management > Clean Access > Clean Access Agent (use New
Check, New Rule, and New File/Link/Local Check Requirement), as described in
check antivirus software on clients. In the case of a non-supported AV product, or if an AV
product/version is not available through AV Rules, administrators always have the option of using Cisco
provided pc_ checks and pr_rules for the AntiVirus vendor or of creating their own custom checks, rules,
and requirements through Device Management > Clean Access > Clean Access Agent (use New
Check, New Rule, and New File/Link/Local Check Requirement), as described in
Note that Clean Access works in tandem with the installation schemes and mechanisms provided by
supported Antivirus vendors. In the case of unforeseen changes to underlying mechanisms for AV
products by AV vendors, the Clean Access team will upgrade the Supported AV/AS Product List and/or
Clean Access Agent in the timeliest manner possible in order to support the new AV product changes.
In the meantime, administrators can always use the “custom” rule workaround for the AV product (such
as pc_checks/pr_ rules) and configure the requirement for “Any selected rule succeeds.”
supported Antivirus vendors. In the case of unforeseen changes to underlying mechanisms for AV
products by AV vendors, the Clean Access team will upgrade the Supported AV/AS Product List and/or
Clean Access Agent in the timeliest manner possible in order to support the new AV product changes.
In the meantime, administrators can always use the “custom” rule workaround for the AV product (such
as pc_checks/pr_ rules) and configure the requirement for “Any selected rule succeeds.”
shows the Clean Access Agent dialog that appears when a client fails to meet an AV
Definition Update requirement.