Mike,

Thanks for information. So if I understood what you said all I need are two rules to do what I want:

Rule 1: Check and see if they have ANY of the 79 AV products are installed 
Rule 2. Check and see if the supported AV product is up to date

Does that seem correct to you?

The documentation I am finding on Cisco's site doesn't seem very up to date and is a bit confusing. Have you seen anything out there that might help me get started??

Thanks,

Pete
-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Mike Diggins
Sent: Tuesday, September 08, 2009 10:34 AM
To: [log in to unmask]
Subject: Re: AntiVirus Enforcement

On Tue, 8 Sep 2009, Pete Boynton wrote:

> Hello,
>
> I am getting ready to deploy a CAS in-band for VPN users coming into our 
> network. I had a few questions about antivirus that I can't seem to get 
> answered searching Google.
>
>
> 1.  Can I create a requirement that will check to see if clients have 
> ANY of the 79 antivirus supported installed and up to date? Or
>
>
> 2.  Do I need to create separate requirements for all 79 antivirus 
> products?

Short answer but NO, you can use one rule to allow any of the supported AV 
products. You can also configure a single rule that only allows the AV 
product to be out-of-date by a configurable number of days.


> 3.  Most of my clients use AVG. How is support for AVG and NAC?

The latest Agents support all current versions of AVG. It does take Cisco 
time to catch up to new releases though. That goes for most of the AV 
products. Usually an Agent update is required.


-Mike