Any updates on this issue? I see the bug status is "fixed" now but not sure
how it is fixed with the same Agent version. How people using 4.1.3.2 deal
with this issue now? Still asking users to uninstall NSS?

Thanks,

Dennis Xu
Network Analyst(CCS)
University of Guelph
5198244120 x 56217


-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Homer Manila
Sent: May-06-08 2:22 PM
To: [log in to unmask]
Subject: Re: Norton Security Scan

On the phone with TAC now, but if you have any suggestions for a quick 
workaround that wouldn't force us to have to re-engineer our AV defs 
requirement to not bother with NSS (which I believe would mean 
re-creating checks for every supported AV the ANY AV rule currently 
supports) or just outright stop requiring up-to-date defs...that would 
be greatly appreciated :)

--Homer Manila
Information Security Administrator
Information Technology, American University
202-885-2209



Nathaniel Austin wrote:
> Hey Homer,
>
> Weird that it doesn't show there. It should.
>
> As for a way to handle it, the only workaround is unfortunately to 
> uninstall NSS. The agent should be able to check for NSS definition 
> updates, but our database bases their defs off the same date as normal 
> SAV defs (which they are different and not updated that frequently) so 
> I have found that the date checks don't work well for NSS.
>
> Bug hasn't been assigned to a developer yet, so not sure of a timeline 
> on when it will be fixed, but it will need a new underlying SDK for 
> the agent, so it more than likely require a new agent to fix.
>
> Nate
>
> Homer Manila wrote:
>> Thanks Nate.  Actually, the list I was going by was on the manager: 
>> Device Managment -> Clean Access -> Clean Access Agent -> Rules -> 
>> AV/AS Support Info
>>
>> That list doesn't show it supported anyway, and if I remember 
>> correctly, it updates with every new version of the agent being 
>> deployed, yes?
>>
>> Thanks for the bug info.  Apparently, it's affecting more of our 
>> users than I original thought.  May have to call Cisco on best way to 
>> handle this....
>>
>> --Homer Manila
>> Information Security Administrator
>> Information Technology, American University
>> 202-885-2209
>>
>>
>>
>> Nathaniel Austin wrote:
>>> Hey Homer,
>>>
>>> It is on the supported list:
>>>
>>> Norton Security Scan / 1.x / yes (4.1.3.0) / yes (4.1.3.0) / -
>>>
>>> As to the problem, I repro'd this here a little while ago. We should 
>>> be able to detect both NSS and a normal Symantec AV at the same 
>>> time, but we don't. I filed CSCso76507 on the issue.
>>>
>>> Nate
>>>
>>> Homer Manila wrote:
>>>> We just forced an upgrade of the CCA agent this morning to 4.1.3.2, 
>>>> and began getting a few complaints from our users about not being 
>>>> able to log in despite having very much up-to-date definitions of 
>>>> Symantec AntiVirus.  Turns out that the new agent was now seeing a 
>>>> "Norton Security Scan," with differing product version #s and defs 
>>>> versions(sometimes none).  A quick google found that this product 
>>>> was bundled with Google Pack a little over a month ago, and would 
>>>> explain how the product got onto our clients' machines without our 
>>>> knowledge.  Apparently, the new agent is seeing Norton Security 
>>>> Scan instead of our standard, tested, supported SAV bundle.  
>>>> Removal of NSS fixes the problem and allows the user onto the network.
>>>>
>>>> Question: how is CCA seeing this product if it isn't even in the 
>>>> supported list of AV?
>>>>