Cisco Nac agent "List of Antivirus & Anti-Spyware Products Detected by the Agent "
Hi All,
We have posture assessment working with the Cisco NAC agent, checking only Symantec Antivirus def update and installation. Windows Defender is present on all the user PCs but is turned off and not in use. However, the Cisco NAC agent is showing both Windows Defender and Symantec in the "List of Antivirus & Anti-Spyware Products Detected by the Agent" field. We don't want Windows Defender to show in this list.
Has anyone encountered this list before? Please suggest. I want to get rid of Windows Defender from this list in the NAC agent.
Closest enhancement I could check on this is
CSCts34764 NAC: Request for ANY rule to pass if 1 AS/AV definition is up to date
Currently Windows Defender AntiSpyware comes installed on all Windows 7 machines. Many users disable this and install their own AntiSpyware product. Currently when using the ANY AntiSpyware up to date rule, it will fail if say MSE is up to date but not Windows Defender (since it is disabled).
This is an enhancement request to add the ability to pass the ANY check if 1 AntiSpyware or AntiVirus definition is up to date but another is installed and out of date. Currently if a customer wants to accomplish this they need to create a rule for every AntiVirus or AntiSpyware product and use the "Any Selected Rule Succeeds" option which is very cumbersome to configure.
~BR
Jatin Katyal
**Do rate helpful posts**
Similar Messages
-
Cisco NAC Agent 4.9.1.682 Problems with Mac Os X 10.7.4
Hi
My Cisco NAC Agent (version 4.9.1.682) doesn't work since I upgraded my Mac OS X 4 months ago. This happens every time with Cisco and Mac when there is a new update and it always seems to take forever to fix.
The NAC agent just keeps asking for my login details even though they are correct (I can log in with a PC no problem).
Any update on when a new version is going to be released? It's getting really frustrating.
I figured out a solution that works: you must disable Online Certificate Status Protocol (OCSP) on the affected system. To do this:
Open Keychain Access. Keychain Access can be found by selecting Go in the Finder and choosing the Utilities option. Keychain access should be listed in the folder that appears. Double-click the Keychain Access icon to open it.
Select Keychain Access -> Preferences from the menu at the top of the screen
Choose the Certificates tab
Change the OCSP option from Best Effort to Off
Close the Preferences dialog and quit Keychain Access
You should be able to NAC now -
Mac OS X 10.8.1 and Cisco Nac Agent to 4.9.1.683
We have this problem with one of our clients:
"Cisco NAC Agent is having a difficulty with the server. Agent user operation system is not supported".
Has anyone encountered this problem?
Thanks.
Hi Tarik,
We have:
Cisco Clean Access Server Version 4.9.0
Cisco Clean Access Lite Manager Version 4.9.0
I can see Your point now, that I should start from upgrading to 4.9.1.
Let me do that, and see if it helps.
thanks very much, I will keep You posted. -
Dear all,
We have Cisco NAC version 4.9.1 and the agent version is 4.9.1.5. We want to know if there is a way to hide the Cisco NAC agent window so the user does not see it. I mean run it in the background to make it a bit more transparent to the final user.
Does anyone have any ideas?
Thanks in advance.
Go to "Administration > User Pages" and make sure you have configured a proper login page for Windows 7.
-
Question about cisco nac agent
When I deploy Cisco NAC appliance, what is the main difference between using Cisco NAC appliance with or without the agent? I see the Cisco NAC agent has two functions: scan and remediation. Without the agent, the Cisco NAC server will scan the device and do remediation. Is that right?
Please answer me early. Thank you for your answer.
Sorry, I believe daldden is correct, without the agent you can still scan using the built-in Nessus scanner.
We don't use the Nessus scanner, but these are some things to consider if you use the scanner. These are from memory though so anyone who actively uses the scanner may be able to give more up to date or complete info:
1) You have to decide which vulnerabilities you want to scan for.
2) The more plug-ins you enable, the longer (obviously) the scan takes.
3) There are configuration steps for many of the plug-ins
4) Your users will still need to go to a login page in order to be scanned.
5) You have to configure the remediation information (URL, steps, etc) for each plug-in you enable.
From our view point, the only reason we would enable the scanner is if we were looking for a specific vulnerability, perhaps a new threat that didn't yet have a patch. If it had a patch, we would watch for the patch using the agent (installed or web based).
It was much easier for us to use the agent, to scan their system and make sure that the MS critical hot fixes were installed and/or an AV system was installed and up to date. As mentioned, if there is a patch for a vulnerability, you can use the agent to make sure that specific hot fix is installed.
Remember that there is also a web agent. The web agent is an ActiveX or Java (you pick which one you want to use) applet that is loaded onto the person's machine, the system scanned, then the applet is unloaded.
Of course, the agent is only for MSoft (with some MAC options), so if you have Linux systems, the Nessus scanner would be your only option. -
Cisco NAC agent services not running on Windows XP
Hi,
I have a problem with the Cisco NAC agent services on Windows XP Professional SP3.
After the first installation using the local administrator user, the Cisco NAC agent services on the Windows machine run well, but after logging out and logging in as another user who is registered in domain users, the Cisco NAC agent services stop (they go to Manual mode, not Automatic, and the status is Stopped).
This situation does not happen on all Windows machines; several machines run well.
Cisco NAC agent version 4.9.0.42
Has anyone seen this type of problem?
Below I attached Windows machine information from ones running well and not running. Thanks
Regards,
Rian
Hi, thanks for your answers. dbconsole is started in services.msc and also Agent, but goes on to say that the agent is not running.
In sysman log shows this,
"03/20/2012 13:38:54,553 [MetricCollector: HOMETAB_THREAD600: 60] ERROR rt.DbMetricCollectorTarget _getAllData.328 - oracle.sysman.emSDK.emd.comm.CommException: Exception in sending Request :: null
oracle.sysman.emSDK.emd.comm.CommException: Exception in sending Request :: null
at oracle.sysman.emSDK.emd.comm.EMDClient.getResponseForRequest_ (EMDClient.java: 1330)
at oracle.sysman.emSDK.emd.comm.EMDClient.getResponseForRequest (EMDClient.java: 1223)
at oracle.sysman.emSDK.emd.comm.EMDClient.getMetrics (EMDClient.java: 640)
at oracle.sysman.emo.perf.metric.rt.DbHomeTab._getAllData (DbHomeTab.java: 324)
at oracle.sysman.emo.perf.metric.rt.DbHomeTab.getData (DbHomeTab.java: 139)
at oracle.sysman.emo.perf.metric.eng.MetricCached.collectCachedData (MetricCached.java: 402)
at
at oracle.sysman.emo.perf.metric.eng.MetricCollectorThread.run (MetricCollectorThread.java: 320)
at java.lang.Thread.run (Thread.java: 595)
20/03/2012 22:00:03,335 [JobWorker 772: Thread-13] ERROR em.jobs executeCommand.161 - UpdateARUTables: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup parameters required to September."
In event viewer shows this,
"Agent process exited abnormally DURING initialization." but this message appears a few hours after having started the service.
I am using the Administrator account -
Cisco NAC Agent and Windows 8 still not working
Hello. I recently upgraded the Cisco NAC Agent to the latest version (4.9.1.13) on a Windows 8 VM. The release notes state that Windows 8 support has been added, and that a patch must be downloaded. However, the information about the patch is vague. I'm not sure if it's a client or server-side patch, or perhaps if I already have it as a result of upgrading to the latest version.
I ask this because I plan to upgrade some computers to Windows 8, and have noticed that Cisco NAC Agent can't handshake with the NAC server on Windows 8 (both native and VM), and despite upgrading to the latest version, the handshake is still unsuccessful.
Thanks,
-Collin
Hi Collin,
The 4.9.1 Patch for Windows 8 Support can be downloaded from the following link :
http://www.cisco.com/cisco/software/release.html?mdfid=282910502&flowid=34713&softwareid=282573326&release=4.9.1&relind=AVAILABLE&rellifecycle=&reltype=latest
The patch should be applied to both 4.9.1 CAM and CAS.
Please go through the README file for patch provided in the download link provided above. It has detailed information.
Regards,
Karthik Chandran -
Different between cisco NAC agent and cisco Clean Access Agent
Hi all,
If anyone has an idea about the difference between the Cisco NAC agent and the Cisco Clean Access Agent, please share your ideas.
Thank you
In 4.6, the agent was overhauled and is now called the NAC agent. Previous versions were referred to as the Clean Access Agent. So pretty much, the 4.5 agent and 4.1.3.2 agents are Clean Access agents, and the 4.6.x and 4.7.x agents are called NAC agents.
Some of the changes made were moving a lot of the agent configuration to an XML file, redesigning the GUI, adding a service portion (so that the stub agent is no longer required), and better agent logging. -
How Cisco NAC and Cisco NAC Agent works
HI,
Can anyone help in explaining in detail how Cisco NAC will work in L2 OOB mode?
Also, what is the path from the time the end user connects to the network till he gets access to the network?
Please reply soon. It's urgent.
I really do not know if you will find the answer that you are looking for. From what I remember NAP was an option that was available with the ACS via a special patch. This is only supported for Vista clients if memory serves me correctly.
Here is the link that will help you with the basics.
http://www.cisco.com/en/US/netsol/ns466/index.html
We do not get much case volume or exposure to the NAP solution and with ACS 5.2 and ISE around the corner it might be too late to go through this setup and then run into issues with acs 4.2 possibly hitting eol/eos.
Thanks,
Tarik -
Trend Micro Anti-Spyware not detected by Network Magic
Network Magic reports that anti-spyware is not installed. Trend Micro Titanium is installed and running but not detected by Network Magic. Any help is appreciated.
Network Magic Version installed: 5.5.9195.0
The type of connection to the Internet is DSL
The Brand of Modem is Motorola
The Brand of Router is Linysys, Model is WRT310N V2 and hard-wired
The Connection in use on the problem computer: Ethernet Port through M-Board
Operating system is Windows Xp Home, Service Pack Level 3
Software Firewall in use: Windows Firewall
Trend Micro Titanium Anti-Virus Program / Spyware Program is actively protecting computer
Henry4324 wrote:
I have Norton Internet Security and PC Tool Spyware doctor installed on my laptop. The operating system is Vista 7 home premium. 2 Network magic alerts indicate that my antivirus and antispyware programs are turned off. These alerts refer to the programs that come with the operating system. It does not detect my 3rd party software programs which are up and running with no problems reported. Is there a way fix these alerts.
Hi Henry4324,
I never heard of Vista 7 Home Premium.
Please publish a link to this operating system. Thanks. You may have a bootleg copy. In which Network Magic isn't going to work correctly.
thecreator - Running Network Magic version -5.5..9195.0-Pure0 on Windows XP Home Edition SP 3
Running Network Magic version -5.5.9195.0-Pure0 on Wireless Computer with McAfee Personal Firewall Build 11.5.131 Wireless Computer has D-Link DWA-552 connecting to D-Link DIR-655 A3 Router. -
Problems with the Cisco NAC agent, does not perform remediation??
Good Morning
I'm doing an implementation of NAC, but when the user is authenticated, the agent informs you that does not comply with defined security policies, to start the repair and re-scan the machine error appears "NAC Server is not available on the net" . The policy I am doing is to check a file on local disk C
Deputy error screen
I appreciate your responses as soon as possible
The problem I have is when it moves into remediation... phase 2. If no remediation is being done (i.e. no checks, rules, scans etc.) then it moves directly from phase 1 (authentication) to phase 3 (authenticated user and assign role) and all works fine.
I've looked under all the traffic rules and can see nothing that would mean it could not contact the CAS. There are some differences in 4.7, like the ethernet traffic filter. It seems to me when put in the temp role, the VLAN should still be the auth VLAN. There is a role based VLAN option under edit roles, but it states that is only for normal login, not temp agent, so it should not apply.
I'm starting to think something has gone wrong with the upgrade code somewhere... TAC looked at my config and could see nothing on a quick check. I'm working with them to resolve the issue -
Cisco Nac Agent Requirement type Audit
Hi experts,
I can configure a requirement type as audit (as opposed to mandatory or optional), so the client will still access the network, the user will not be notified, and the information will be sent to the CAS.
Is it possible to generate an email or similar automated process to notify administrators on these audits?
(version in use 4.7.2)
Thanks
Andrea
Hi Andrea,
In 4.7.2 there wasn't much you could do within the CAM itself - really you could just export them from the GUI into a spreadsheet and analyze based on that.
The CAM does have an API however that would allow you to export reports via scripting interfaces and give you all that information which you could then manipulate. You can access the CAM API documentation by browsing to:
https:///admin/api/cisco_api_doc.jsp
(The "getreports" function is likely what you would want to look into).
In version 4.8 and later there was a new "Reporting" section of the GUI that you can see more details about passed and failed requirements:
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_report.html#wp1495842
Thanks,
Nate -
Script Error - Cisco NAC Agent
I have no idea why this program stopped working. The attached files shows just exactly what's happening.
This program originally worked perfectly fine, and I've only recently had these errors pop up.
I've also reinstalled, and tried to repair it during the installation process, but these problems still arose.
Does anyone know how to fix it?
Hi Kyle,
I have seen these errors sometimes when a DLL file is missing or not registered properly. Can you run a tool like Process Monitor or Process Explorer from Microsoft Sysinternals and load the agent and when the error messages pop up see if there are any errors in the DLLs the agent is trying to access?
Also the Microsoft event viewer logs may show some additional information as well.
Thanks,
Nate -
Cisco ISE NAC agent and Microsoft roaming profiles
Hi there,
I have installed Identity Services Engine version 1.1.3 in distributed mode. The NAC agent is installed on the end user PC joined to the domain. When a user with a roaming profile logs into the PC, the NAC agent fails to run posture assessment, but if a user with a non-roaming profile logs in, the NAC agent does posture and full network access is granted.
Is there something I need to do to enable the NAC agent to perform posture for users with a roaming profile?
Regards,
Henry
Hello,
I found the following from the Cisco doc. Hope it helps!
The following failure scenarios might cause the Cisco NAC Agent to appear following successful user authentication when the client machine roams between CASs in Layer 3 (both In-Band and Out-of-Band) and Layer 2 /Layer 3 Out-of-Band environments. Erroneous Agent login dialogs could also appear if users roam from the Cisco NAC Appliance network in Layer 3 mode to a non-NAC network:
–ARP poisoning
–Temporary loss of network connection between the client machine and the CAS
–Access to untrusted interface IP address on the CAS from non-NAC network segments on NAC-enabled client machines
Cisco offers the following recommendations to prevent this situation:
–Ensure all trusted networks (post-authentication) can reach the CAS untrusted interface IP address through the CAS trusted interface only
–Block discovery packets from all non-NAC networks to the CAS untrusted interface IP address (discovery packets that arrive on the trusted interface of the CAS are blocked by default)
For more information please refer to the following link:
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_agntd.html -
Dears,
I have two ISE appliances installed in a distributed deployment (primary "ISE1" and secondary "ISE2"), each node has the three personas installed on it. The servers are registered together and the replication is working properly between the nodes.
When we are working on the first node everything is fine, if I try to disconnect ISE1 and do my tests on ISE2, the cisco NAC agent doesn't popup, unless I uninstall it and reinstall it again from the ISE2. Then it will work properly.
Note: the NAC agent version is the following: nacagent-4.9.0.37.
Any idea?
Regards
Zahi
Hi Tarik,
below are my answers:
1- The content of the dACL:
ip access-list extended POSTURE-REMEDIATION
permit udp any any eq domain
permit ip any host 10.10.10.125 >>>> antivirus server
permit ip any 10.10.240.0 0.0.0.255 >>>> voice subnet
permit ip any 10.10.31.0 0.0.0.255 >>>> quarantine vlan subnet
permit ip any host 10.10.10.238 >>>> ip add of ISE1
permit ip any host 10.10.10.239 >>>> ip add of ISE2
permit ip any host 10.10.10.206 >>>> wsus server
permit ip any host 10.10.10.10 >>>> domain 1
permit ip any host 10.10.10.100 >>>> domain 2
2- When I open a web browser, yes I get redirected to the nac agent download page
3- outputs of the show authentication session interface fast 0/12, when the agent pops up with ISE1:
sw#sho authentication sessions int fast 0/12
Interface: FastEthernet0/12
MAC Address: b8ac.6fc9.b26f
IP Address: 10.10.31.2
User-Name: RJ\15592
Status: Authz Success
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: single-host
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 31
ACS ACL: xACSACLx-IP-POSTURE-REMEDIATION-4fe82900
URL Redirect ACL: ACL-POSTURE-REDIRECT
URL Redirect: https://RJ-ISE-1.rj.com:8443/guestportal/gateway?session
Id=0A0A0C86000000186ADBBD8B&action=cpp
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A0A0C86000000186ADBBD8B
Acct Session ID: 0x00000023
Handle: 0x31000018
Runnable methods list:
Method State
dot1x Authc Success
mab Not run
sw#sho authentication sessions int fast 0/12
Interface: FastEthernet0/12
MAC Address: b8ac.6fc9.b26f
IP Address: 10.10.30.12
User-Name: RJ\15592
Status: Authz Success
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: single-host
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 30
ACS ACL: xACSACLx-IP-PERMIT_ALL_TRAFFIC-4f57e406
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A0A0C86000000186ADBBD8B
Acct Session ID: 0x00000023
Handle: 0x31000018
Runnable methods list:
Method State
dot1x Authc Success
mab Not run
outputs of the show authentication session interface fast 0/12, when the agent pops up with ISE2:
sw#sho auth sessions int fast 0/12
Interface: FastEthernet0/12
MAC Address: 0025.6458.8409
IP Address: 10.10.31.8
User-Name: RJ\15946
Status: Authz Success
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: single-host
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 31
ACS ACL: xACSACLx-IP-POSTURE-REMEDIATION-4fe82900
URL Redirect ACL: ACL-POSTURE-REDIRECT
URL Redirect: https://RJ-ISE-2.rj.com:8443/guestportal/gateway?session
Id=0A0A0C86000000206AF3FAC1&action=cpp
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A0A0C86000000206AF3FAC1
Acct Session ID: 0x0000002B
Handle: 0x2C000020
Runnable methods list:
Method State
dot1x Authc Success
mab Not run
you may find attached also the pcap file of the client machine when it is authenticating with the ISE2.
Thank you in advance
Zahi
Message was edited by: ZAHI BOU KHALIL
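An added example, not part of the original thread: a small Python parser for the `show authentication sessions` output posted above. It rejoins the wrapped redirect URL, then reports the applied dACL name, the ISE node the session is redirected to, and whether the sessionId in the URL matches the switch's Common Session ID. The function names are illustrative, and the sample text is abridged from the post.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Abridged from the switch output posted above; the wrapped "URL Redirect"
# line is kept exactly as the terminal broke it.
REDIRECTED_ISE2 = """\
sw#sho auth sessions int fast 0/12
Interface: FastEthernet0/12
IP Address: 10.10.31.8
Status: Authz Success
Vlan Policy: 31
ACS ACL: xACSACLx-IP-POSTURE-REMEDIATION-4fe82900
URL Redirect ACL: ACL-POSTURE-REDIRECT
URL Redirect: https://RJ-ISE-2.rj.com:8443/guestportal/gateway?session
Id=0A0A0C86000000206AF3FAC1&action=cpp
Session timeout: N/A
Common Session ID: 0A0A0C86000000206AF3FAC1
Runnable methods list:
Method State
dot1x Authc Success
"""
FULL_ACCESS = """\
Interface: FastEthernet0/12
IP Address: 10.10.30.12
Status: Authz Success
Vlan Policy: 30
ACS ACL: xACSACLx-IP-PERMIT_ALL_TRAFFIC-4f57e406
Common Session ID: 0A0A0C86000000186ADBBD8B
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z -]*?):\s*(.*)$")
# dACL name sits between the xACSACLx-IP- prefix and the trailing hex suffix,
# as in the output above.
DACL = re.compile(r"^xACSACLx-IP-(.+)-([0-9A-Fa-f]+)$")

def parse_session(text):
    """Turn 'Key: value' lines into a dict, rejoining a wrapped redirect URL."""
    fields, last = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = m.group(2)
        elif last == "URL Redirect" and line and " " not in line:
            fields[last] += line   # continuation of the wrapped URL
        else:
            last = None            # prompt, blank line or method table row
    return fields

def summarise(text):
    """Report which dACL is applied and where the session is being redirected."""
    f = parse_session(text)
    dacl = DACL.match(f.get("ACS ACL", ""))
    out = {"vlan": f.get("Vlan Policy"),
           "dacl": dacl.group(1) if dacl else None,
           "redirect_host": None, "redirect_port": None, "session_id_matches": None}
    url = f.get("URL Redirect")
    if url:
        parts = urlsplit(url)
        sid = parse_qs(parts.query).get("sessionId", [None])[0]
        out["redirect_host"] = parts.hostname   # urlsplit lowercases the host
        out["redirect_port"] = parts.port
        out["session_id_matches"] = sid == f.get("Common Session ID")
    return out
```

Running `summarise` on captures taken against each ISE node makes it easy to compare which node the redirect URL names and whether the same remediation dACL was pushed in both cases.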