Cisco Cisco ASA 5525-X Adaptive Security Appliance Leaflet
These checks are updated with every release and as such, it is impossible for the
documentation to keep up with the list.
documentation to keep up with the list.
Q. How do I find the subset of products that are supported with
Advanced Endpoint Assessment?
Advanced Endpoint Assessment?
A. Search for Allow_port and Block_port attribute value for each product.
v= implemented
x= not implemented
Q. What CSD operations require Administrative privileges?
A. The CSD installation with Java already installed and most basic host scanning operations
do not require administrative privileges. Operations such as enabling a FW process, do not
work without administrative privilege, of course. Do not expect it to be scanned for files that
it does not have privilege for which to scan; for example, if you are limited user, you cannot
detect /users/administrator/mydocuments/file.txt. Key stroke logger requires administrative
privileges.
do not require administrative privileges. Operations such as enabling a FW process, do not
work without administrative privilege, of course. Do not expect it to be scanned for files that
it does not have privilege for which to scan; for example, if you are limited user, you cannot
detect /users/administrator/mydocuments/file.txt. Key stroke logger requires administrative
privileges.
Q. Are any of the CSD features such as Host Scan, Cache Cleaner, and
Vault supported on 64−bit platforms?
Vault supported on 64−bit platforms?
A. No. CSD only supports 32−bit platforms.
Q. Can CSD PreLogin Checks (Location policy) be configured if CSD in
not enabled?
not enabled?
A. No. Prelogin policy checks rely on CSD being enabled.
Q. What are the supported CSD Prelogin checks?
A. The checks are IP Address (Source IP range), Certificate, Registry, File and OS.
Q. Can you delete all the PreLogin Policies in one shot instead of
individually?
individually?
A. In ASDM there is currently no button/knob to delete all Prelogin policies. You can only
delete them indidually. There is an enhancement request CSCsq91629 in order to be able to
do this.
delete them indidually. There is an enhancement request CSCsq91629 in order to be able to
do this.
On the ASA CLI, you can complete these steps in order to clear all Prelogin policies and set
CSD configuration to default.
CSD configuration to default.
#delete sdesktop/data.xml
1.
Then you must Exit and restart ASDM for the change to take affect.
2.
Q. Are the CSD Prelogin certificate checks PKI−validated or does it only
check for the presence of the certificates on the endpoint host?
check for the presence of the certificates on the endpoint host?