LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

May 2008

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS May 2008

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Norton Security Scan
From:	Nathaniel Austin <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Tue, 6 May 2008 14:10:31 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (66 lines)

Hey Homer,

Weird that it doesn't show there. It should.

As for a way to handle it, the only workaround is unfortunately to 
uninstall NSS. The agent should be able to check for NSS definition 
updates, but our database bases their defs off the same date as normal 
SAV defs (which they are different and not updated that frequently) so I 
have found that the date checks don't work well for NSS.

Bug hasn't been assigned to a developer yet, so not sure of a timeline 
on when it will be fixed, but it will need a new underlying SDK for the 
agent, so it more than likely require a new agent to fix.

Nate

Homer Manila wrote:
> Thanks Nate.  Actually, the list I was going by was on the manager: 
> Device Managment -> Clean Access -> Clean Access Agent -> Rules -> 
> AV/AS Support Info
>
> That list doesn't show it supported anyway, and if I remember 
> correctly, it updates with every new version of the agent being 
> deployed, yes?
>
> Thanks for the bug info.  Apparently, it's affecting more of our users 
> than I original thought.  May have to call Cisco on best way to handle 
> this....
>
> --Homer Manila
> Information Security Administrator
> Information Technology, American University
> 202-885-2209
>
>
>
> Nathaniel Austin wrote:
>> Hey Homer,
>>
>> It is on the supported list:
>>
>> Norton Security Scan / 1.x / yes (4.1.3.0) / yes (4.1.3.0) / -
>>
>> As to the problem, I repro'd this here a little while ago. We should 
>> be able to detect both NSS and a normal Symantec AV at the same time, 
>> but we don't. I filed CSCso76507 on the issue.
>>
>> Nate
>>
>> Homer Manila wrote:
>>> We just forced an upgrade of the CCA agent this morning to 4.1.3.2, 
>>> and began getting a few complaints from our users about not being 
>>> able to log in despite having very much up-to-date definitions of 
>>> Symantec AntiVirus.  Turns out that the new agent was now seeing a 
>>> "Norton Security Scan," with differing product version #s and defs 
>>> versions(sometimes none).  A quick google found that this product 
>>> was bundled with Google Pack a little over a month ago, and would 
>>> explain how the product got onto our clients' machines without our 
>>> knowledge.  Apparently, the new agent is seeing Norton Security Scan 
>>> instead of our standard, tested, supported SAV bundle.  Removal of 
>>> NSS fixes the problem and allows the user onto the network.
>>>
>>> Question: how is CCA seeing this product if it isn't even in the 
>>> supported list of AV?
>>>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU