LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

May 2008

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS May 2008

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Norton Security Scan
From:	Homer Manila <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Tue, 6 May 2008 14:21:40 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (81 lines)

On the phone with TAC now, but if you have any suggestions for a quick 
workaround that wouldn't force us to have to re-engineer our AV defs 
requirement to not bother with NSS (which I believe would mean 
re-creating checks for every supported AV the ANY AV rule currently 
supports) or just outright stop requiring up-to-date defs...that would 
be greatly appreciated :)

--Homer Manila
Information Security Administrator
Information Technology, American University
202-885-2209



Nathaniel Austin wrote:
> Hey Homer,
>
> Weird that it doesn't show there. It should.
>
> As for a way to handle it, the only workaround is unfortunately to 
> uninstall NSS. The agent should be able to check for NSS definition 
> updates, but our database bases their defs off the same date as normal 
> SAV defs (which they are different and not updated that frequently) so 
> I have found that the date checks don't work well for NSS.
>
> Bug hasn't been assigned to a developer yet, so not sure of a timeline 
> on when it will be fixed, but it will need a new underlying SDK for 
> the agent, so it more than likely require a new agent to fix.
>
> Nate
>
> Homer Manila wrote:
>> Thanks Nate.  Actually, the list I was going by was on the manager: 
>> Device Managment -> Clean Access -> Clean Access Agent -> Rules -> 
>> AV/AS Support Info
>>
>> That list doesn't show it supported anyway, and if I remember 
>> correctly, it updates with every new version of the agent being 
>> deployed, yes?
>>
>> Thanks for the bug info.  Apparently, it's affecting more of our 
>> users than I original thought.  May have to call Cisco on best way to 
>> handle this....
>>
>> --Homer Manila
>> Information Security Administrator
>> Information Technology, American University
>> 202-885-2209
>>
>>
>>
>> Nathaniel Austin wrote:
>>> Hey Homer,
>>>
>>> It is on the supported list:
>>>
>>> Norton Security Scan / 1.x / yes (4.1.3.0) / yes (4.1.3.0) / -
>>>
>>> As to the problem, I repro'd this here a little while ago. We should 
>>> be able to detect both NSS and a normal Symantec AV at the same 
>>> time, but we don't. I filed CSCso76507 on the issue.
>>>
>>> Nate
>>>
>>> Homer Manila wrote:
>>>> We just forced an upgrade of the CCA agent this morning to 4.1.3.2, 
>>>> and began getting a few complaints from our users about not being 
>>>> able to log in despite having very much up-to-date definitions of 
>>>> Symantec AntiVirus.  Turns out that the new agent was now seeing a 
>>>> "Norton Security Scan," with differing product version #s and defs 
>>>> versions(sometimes none).  A quick google found that this product 
>>>> was bundled with Google Pack a little over a month ago, and would 
>>>> explain how the product got onto our clients' machines without our 
>>>> knowledge.  Apparently, the new agent is seeing Norton Security 
>>>> Scan instead of our standard, tested, supported SAV bundle.  
>>>> Removal of NSS fixes the problem and allows the user onto the network.
>>>>
>>>> Question: how is CCA seeing this product if it isn't even in the 
>>>> supported list of AV?
>>>>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU