On the phone with TAC now, but if you have any suggestions for a quick
workaround that wouldn't force us to have to re-engineer our AV defs
requirement to not bother with NSS (which I believe would mean
re-creating checks for every supported AV the ANY AV rule currently
supports) or just outright stop requiring up-to-date defs...that would
be greatly appreciated :)
--Homer Manila
Information Security Administrator
Information Technology, American University
202-885-2209
Nathaniel Austin wrote:
> Hey Homer,
>
> Weird that it doesn't show there. It should.
>
> As for a way to handle it, the only workaround is unfortunately to
> uninstall NSS. The agent should be able to check for NSS definition
> updates, but our database bases their defs off the same date as normal
> SAV defs (which they are different and not updated that frequently) so
> I have found that the date checks don't work well for NSS.
>
> Bug hasn't been assigned to a developer yet, so not sure of a timeline
> on when it will be fixed, but it will need a new underlying SDK for
> the agent, so it more than likely require a new agent to fix.
>
> Nate
>
> Homer Manila wrote:
>> Thanks Nate. Actually, the list I was going by was on the manager:
>> Device Managment -> Clean Access -> Clean Access Agent -> Rules ->
>> AV/AS Support Info
>>
>> That list doesn't show it supported anyway, and if I remember
>> correctly, it updates with every new version of the agent being
>> deployed, yes?
>>
>> Thanks for the bug info. Apparently, it's affecting more of our
>> users than I original thought. May have to call Cisco on best way to
>> handle this....
>>
>> --Homer Manila
>> Information Security Administrator
>> Information Technology, American University
>> 202-885-2209
>>
>>
>>
>> Nathaniel Austin wrote:
>>> Hey Homer,
>>>
>>> It is on the supported list:
>>>
>>> Norton Security Scan / 1.x / yes (4.1.3.0) / yes (4.1.3.0) / -
>>>
>>> As to the problem, I repro'd this here a little while ago. We should
>>> be able to detect both NSS and a normal Symantec AV at the same
>>> time, but we don't. I filed CSCso76507 on the issue.
>>>
>>> Nate
>>>
>>> Homer Manila wrote:
>>>> We just forced an upgrade of the CCA agent this morning to 4.1.3.2,
>>>> and began getting a few complaints from our users about not being
>>>> able to log in despite having very much up-to-date definitions of
>>>> Symantec AntiVirus. Turns out that the new agent was now seeing a
>>>> "Norton Security Scan," with differing product version #s and defs
>>>> versions(sometimes none). A quick google found that this product
>>>> was bundled with Google Pack a little over a month ago, and would
>>>> explain how the product got onto our clients' machines without our
>>>> knowledge. Apparently, the new agent is seeing Norton Security
>>>> Scan instead of our standard, tested, supported SAV bundle.
>>>> Removal of NSS fixes the problem and allows the user onto the network.
>>>>
>>>> Question: how is CCA seeing this product if it isn't even in the
>>>> supported list of AV?
>>>>
|