Subject: | |
From: | |
Reply To: | |
Date: | Tue, 8 Sep 2009 10:52:01 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Mike,
Thanks for information. So if I understood what you said all I need are two rules to do what I want:
Rule 1: Check and see if they have ANY of the 79 AV products are installed
Rule 2. Check and see if the supported AV product is up to date
Does that seem correct to you?
The documentation I am finding on Cisco's site doesn't seem very up to date and is a bit confusing. Have you seen anything out there that might help me get started??
Thanks,
Pete
-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Mike Diggins
Sent: Tuesday, September 08, 2009 10:34 AM
To: [log in to unmask]
Subject: Re: AntiVirus Enforcement
On Tue, 8 Sep 2009, Pete Boynton wrote:
> Hello,
>
> I am getting ready to deploy a CAS in-band for VPN users coming into our
> network. I had a few questions about antivirus that I can't seem to get
> answered searching Google.
>
>
> 1. Can I create a requirement that will check to see if clients have
> ANY of the 79 antivirus supported installed and up to date? Or
>
>
> 2. Do I need to create separate requirements for all 79 antivirus
> products?
Short answer but NO, you can use one rule to allow any of the supported AV
products. You can also configure a single rule that only allows the AV
product to be out-of-date by a configurable number of days.
> 3. Most of my clients use AVG. How is support for AVG and NAC?
The latest Agents support all current versions of AVG. It does take Cisco
time to catch up to new releases though. That goes for most of the AV
products. Usually an Agent update is required.
-Mike
|
|
|