TAC confirmed the new agent and compliance module are not available on CCO now and they will post them to CCO next week or so.
In order to pull down these updates, you need check "Check for Windows NAC Agent updates" and "Check for Compliance Module for Windows updates" from the CAM Update page and click Update.
In my testing, the Kaspersky v12 passed the checks using the new agent and module but Bit Defender V15 still fails. I haven't tested other AVs on the list.
---
Dennis Xu
Network Analyst, Computing and Communication Services
University of Guelph
5198244120 x 56217
----- Original Message -----
From: "Kyle Torkelson" <[log in to unmask]>
To: [log in to unmask]
Sent: Thursday, August 25, 2011 12:53:10 AM
Subject: Re: Cisco NAC unsupported AVs and custom rules
Strange that these aren’t available on the Cisco Download site…
In the past, we’ve always unchecked checking for new agents and waited until a server release before we’ve forced clients to upgrade their agents…
I’ll have to give it a try to see if it downloads the new agent and compliance module…
Description: seal_sign
From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Justin Odom
Sent: Wednesday, August 24, 2011 12:30 PM
To: [log in to unmask]
Subject: Re: Cisco NAC unsupported AVs and custom rules
Cisco released a compliance module update yesterday.
You will need the latest available agent 4.8.2.3 in order to download the compliance module to clients.
Select " Check for Windows NAC Agent updates" and "Check for Compliance Module for Windows updates" and click update on the CAM. This should pull the latest windows agent (4.8.2.3) and the latest CM (3.4.26.1)
Justin
On Wed, Aug 24, 2011 at 9:58 AM, King, Ronald A. < [log in to unmask] > wrote:
These AV products listed are from manufactures that are installed on the
majority of endpoints. I find it disturbing that they are not supported, nor
will be until the next major release. Am I unique in this way of thinking?
Ronald King
Security Engineer
http://security.nsu.edu
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto: [log in to unmask] ] On Behalf Of Dennis Xu
Sent: Monday, August 22, 2011 9:30 AM
To: [log in to unmask]
Subject: Re: Cisco NAC unsupported AVs and custom rules
I asked TAC about the compliance module and I was told they will not release
new compliance module until NAC 4.9(next release) is released.
---
Dennis Xu
Network Analyst, Computing and Communication Services
University of Guelph
5198244120 x 56217
----- Original Message -----
From: "Kyle Torkelson" < [log in to unmask] >
To: [log in to unmask]
Sent: Monday, August 22, 2011 9:13:01 AM
Subject: Re: Cisco NAC unsupported AVs and custom rules
You could also add Symantec Endpoint Protection 12.x to that list as well...
I was hoping for an updated Compliance Module but I haven't seen one released
lately...
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto: [log in to unmask] ] On Behalf Of Dennis Xu
Sent: Monday, August 22, 2011 8:04 AM
To: [log in to unmask]
Subject: Cisco NAC unsupported AVs and custom rules
Hello,
We have found some AVs are not supported by our NAC 4.8.1 systems and Cisco
will not release new NAC before Sep. So we are going to create custom rules
for AVs. I am checking if anyone has created the rules for following AVs and
would like to share?
Avast v6.0.1203
Bitdefender v15.0.27.309 (Internet Security 2012)
Kaspersky Internet Security 2012 & Kaspersky AntiVirus 2012 v12
McAfee personal v15.0.288
Norton Internet Security 2012 v19
Thanks!
---
Dennis Xu
Network Analyst, Computing and Communication Services University of Guelph
5198244120 x 56217
|