Cisco Nac agent "List of Antivirus & Anti-Spyware Products Detected by the Agent "

Hi All,
We have posture assessment working with cisco Nac agent. Checking only symantec Antivirus def update and installation. Since there is windows defender in all the user pcs and turned off not in use. But cisco Nac agent is showing both windows defender and symantec in List of Antivirus & Anti-Spyware Products Detected by the Agent field. We dont want windows defender to show in this list.
Anyone encountered this list before?? Please suggest.. I want to get rid of windows defender from this list in nac agent.

Closest enhancement I could check on this is
CSCts34764    NAC: Request for ANY rule to pass if 1 AS/AV definition is up to date
Currently Windows Defender AnitSpyware comes installed on all Windows 7 machines.  Many users disable this and install their own AntiSpyware product.  Currently when using the ANY AntiSpyware up to date rule, it will fail if say MSE is up to date but not Windows Defender (since it is disabled).
This is an enhancement request to add the ability to pass the ANY check if 1 AntiSpyware or AntiVirus definition is up to date but another is installed and out of date.  Currently if a customer wants to accomplish this they need to create a rule for every AntiVirus or AntiSpyware product and use the "Any Selected Rule Succeeds" option which is very cumbersome to configure.
~BR
Jatin Katyal
**Do rate helpful posts**

Similar Messages

  • Cisco NAC Agent 4.9.1.682 Problems with Mac Os X 10.7.4

    Hi
    My Cisco NAC Agent  (version 4.9.1.682) doesn't work since I upgraded my Mac OS X  4 months ago, This happens every time with CISCO and MAC when there is a new update and it always seems to take forever to fix.
    The NAC agent just keeps asking for my login in details even though there are correct (I can log in with a PC no problem).
    Any update on when a new version is going to be released - Its getting really frustrating?

    I figured out a solution that works you must disable Online Certificate Status Protocol (OCSP) on the affected system. To do this :
        Open Keychain Access. Keychain Access can be found by selecting Go in the Finder and choosing the Utilities option. Keychain access should be listed in the folder that appears. Double-click the Keychain Access icon to open it.
        Select Keychain Access -> Preferences from the menu at the top of the screen
        Choose the Certificates tab
        Change the OCSP option from Best Effort to Off
        Close the Preferences dialog and quit Keychain Access
        You should be able to NAC now

  • Mac OS X 10.8.1 and Cisco Nac Agent to 4.9.1.683

    We have this problem with on of our clients:
    "Cisco NAC Agent is having a difficulty with the server. Agent user operation system
    is not supported".
    Anyone encounter this problem ?
    thanks.

    Hi Tarik,
    We have:
    Cisco Clean Access Server   Version 4.9.0
    Cisco Clean Access Lite Manager   Version 4.9.0
    I can see Your point now,  that I should start from upgrading to 4.9.1.
    Let me do  that, and see if it helps.
    thanks  very much, I will keep You posted.

  • Hide Cisco NAC agent window

    Dear all,
    We have cisco NAC version 4.9.1 and the agent version is 4.9.1.5. We want to know if there is a way to hide the cisco NAC agent window so the user do not see it, i mean run it on the background to make it a bit more transparent to the final user.
    Anyone have any ideas?
    Thanks in advance.

    Go to "Administration > User Pages" and make sure you have configured a proper login page for Windows 7.

  • Question about cisco nac agent

    When I deploy Cisco NAC appliance, the main different between using cisco nac appliance with or without agent? I see Cisco NAC agent has two function: scan and remediation. If Cisco NAC appliance without agent, Cisco NAC server will scan device and remediation. That is right?
    Please answer me early. Thank you for your answer.

    Sorry, I believe daldden is correct, without the agent you can still scan using the built-in Nessus scanner.
    We don't use the Nessus scanner, but these are some things to consider if you use the scanner. These are from memory though so anyone who actively uses the scanner may be able to give more up to date or complete info:
    1) You have to decide which vulnerabilities you want to scan for.
    2) The more plug-ins you enable, the longer (obviously) the scan takes.
    3) There are configuration steps for many of the plug-ins
    4) Your users will still need to go to a login page in order to be scanned.
    5) You have to configure the remediation information (URL, steps, etc) for each plug-in you enable.
    From our view point, the only reason we would enable the scanner is if we were looking for a specific vulnerability, perhaps a new threat that didn't yet have a patch. If it had a patch, we would watch for the patch using the agent (installed or web based).
    It was much easier for us to use the agent, to scan their system and make sure that the MS critical hot fixes were installed and/or an AV system was installed and up to date. As mentioned, if there is a patch for a vulnerability, you can use the agent to make sure that specific hot fix is installed.
    Remember that there is also a web agent. The web agent is an ActiveX or Java (you pick which one you want to use) applet that is loaded onto the person's machine, the system scanned, then the applet is unloaded.
    Of course, the agent is only for MSoft (with some MAC options), so if you have Linux systems, the Nessus scanner would be your only option.

  • Cisco NAC agent services not running on Windows XP

    Hi,
    I've problem with Cisco NAC agent services on Windows XP professional SP3.
    After first installation using user local administrator, the services of Cisco NAC agent on windows machine running well, but after logout, and login using another user which is registered in domain users, the services of Cisco NAC agent is going to stopped (going to Manual mode not automatic, and the status is stopped).
    This situation is not happened on all windows machines, several machines running well.
    Cisco NAC agent version 4.9.0.42
    Has anyone seen this type of problem?
    Below i attached windows machine information from ones running well and not running, Thanks
    Regards,
    Rian

    Hi thanks for your answers, dbconsole is started in services.msc and also Agent, but goes on to say that the agent is not running.
    In sysman log shows this,
    "03/20/2012 13:38:54,553 [MetricCollector: HOMETAB_THREAD600: 60] ERROR rt.DbMetricCollectorTarget _getAllData.328 - oracle.sysman.emSDK.emd.comm.CommException: Exception in sending Request :: null
    oracle.sysman.emSDK.emd.comm.CommException: Exception in sending Request :: null
    at oracle.sysman.emSDK.emd.comm.EMDClient.getResponseForRequest_ (EMDClient.java: 1330)
    at oracle.sysman.emSDK.emd.comm.EMDClient.getResponseForRequest (EMDClient.java: 1223)
    at oracle.sysman.emSDK.emd.comm.EMDClient.getMetrics (EMDClient.java: 640)
    at oracle.sysman.emo.perf.metric.rt.DbHomeTab._getAllData (DbHomeTab.java: 324)
    at oracle.sysman.emo.perf.metric.rt.DbHomeTab.getData (DbHomeTab.java: 139)
    at oracle.sysman.emo.perf.metric.eng.MetricCached.collectCachedData (MetricCached.java: 402)
    at
    at oracle.sysman.emo.perf.metric.eng.MetricCollectorThread.run (MetricCollectorThread.java: 320)
    at java.lang.Thread.run (Thread.java: 595)
    20/03/2012 22:00:03,335 [JobWorker 772: Thread-13] ERROR em.jobs executeCommand.161 - UpdateARUTables: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup parameters required to September."
    In event viewer shows this,
    "Agent process exited abnormally DURING initialization." but this message appears a few hours after having started the service.
    I am using the Administrator account

  • Cisco NAC Agent and Windows 8 still not working

    Hello. I recently upgraded the Cisco NAC Agent to the latest version (4.9.1.13) on a Windows 8 VM. The release notes state that Windows 8 support has been added, and that a patch must be downloaded. However, the information about the patch is vague. I'm not sure if it's a client or server-side patch, or perhaps if I already have it as a result of upgrading to the latest version.
    I ask this because I plan to upgrade some computers to Windows 8, and have noticed that Cisco NAC Agent can't handshake with the NAC server on Windows 8 (both native and VM), and despite upgrading to the latest version, the handshake is still unsuccessful.
    Thanks,
    -Collin

    Hi Collin,
    The 4.9.1 Patch for Windows 8 Support can be downloaded from the following link :
    http://www.cisco.com/cisco/software/release.html?mdfid=282910502&flowid=34713&softwareid=282573326&release=4.9.1&relind=AVAILABLE&rellifecycle=&reltype=latest
    The patch should be applied to both 4.9.1 CAM and CAS.
    Please go through the README file for patch provided in the download link provided above. It has detailed information.
    Regards,
    Karthik Chandran

  • Different between cisco NAC agent and cisco Clean Access Agent

    Hi all,
    if anyone has idea about different between cisco NAC agent and cisco Clean Access Agent, please share your ideas.
    thank you

    In 4.6, the agent was overhauled and is now called the NAC agent.  Previous versions were referred to as the Clean Access Agent.  So pretty much, the 4.5 agent and 4.1.3.2 agents are Clean Access agents, and the 4.6.x and 4.7.x agents are called NAC agents.
    Some of the changes made were moving a lot of the agent configuration to an XML file, redesigning the GUI, adding a service portion (so that the stub agent is no longer required), and better agent logging.

  • How Cisco NAC and Cisco NAC Agent works

    HI,
    Can anyone help in explaining in detail for Cisco NAC will work in L2 OOB mode?
    Also, what is the path from the time the end user connects to the network till he gets access to the network?
    Please reply soon.Its urgent.

    I really do not know if you will find the answer that you are looking for. From what I remember NAP was an option that was available with the ACS via a special patch. This is only supported for vista clients if memory serves me correct.
    Here is the link that will help you with the basics.
    http://www.cisco.com/en/US/netsol/ns466/index.html
    We do not get much case volume or exposure to the NAP solution and with ACS 5.2 and ISE around the corner it might be too late to go through this setup and then run into issues with acs 4.2 possibly hitting eol/eos.
    Thanks,
    Tarik

  • Trend Micro Anti-Spyware not detected by Network Magic

    Network Magic reports that anti-spyware is not installed.  Trend Micro Titanium is installed and running but not detected by Network Magic.  Any help is appreciated.
        Network Magic Version installed: 5.5.9195.0
        The type of connection to the Internet is DSL
        The Brand of Modem is Motorola
        The Brand of Router is Linysys, Model is WRT310N V2 and hard-wired
        The Connection in use on the problem computer: Ethernet Port through M-Board
        Operating system is Windows Xp Home, Service Pack Level 3
        Software Firewall in use: Windows Firewall
         Trend Micro Titanium Anti-Virus Program / Spyware Program is actively protecting computer

    Henry4324 wrote:
    I have Norton Internet Security and  PC Tool Spyware doctor installed on my laptop.  The operating system is Vista 7 home premium. 2  Network magic alerts indicate that my antivirus and antispyware programs are turned off. These alerts  refer to the programs that come with the operating system.  It does  not detect my 3rd party software programs which are up and running with no problems reported. Is there a way fix these alerts.    
    Hi Henry4324,
    I never heard of Vista 7 Home Premium.
    Please publish a link to this operating system. Thanks. You may have a bootleg copy. In which Network Magic isn't going to work correctly.
    thecreator - Running Network Magic version -5.5..9195.0-Pure0 on Windows XP Home Edition SP 3
    Running Network Magic version -5.5.9195.0-Pure0 on Wireless Computer with McAfee Personal Firewall Build 11.5.131 Wireless Computer has D-Link DWA-552 connecting to D-Link DIR-655 A3 Router.

  • Problems with the Cisco NAC agent, does not perform remediation??

    Good Morning
    I'm doing an implementation of NAC, but when the user is authenticated, the agent informs you that does not comply with defined security policies, to start the repair and re-scan the machine error appears "NAC Server is not available on the net" . The policy I am doing is to check a file on local disk C
    Deputy error screen
    I appreciate your responses as soon as possible

    the problem i have is when it moves into remediation....phase 2. If no remediation is being done (ie no checks, rules scans etc) then it moves directly from phase 1 (authentication) to phase 3 (authenticated user and assign role) and all works fine.
    I've looked under all the traffic rules and can see nothing that would mean it could not contact the CAS. There are some differences in 4.7, like the ethernet traffic filter. It seems to me when put in the temp role, the vlan should still be the auth vlan. There is a role based vlan option under edit roles, but it states that is only for normal login, not tem agent, so it should not apply.
    Im starting to think something has gone wrong with the upgrade code somewhere....TAC looked at my config  and could see nothing on a quick check, im working with them to resolve the issue

  • Cisco Nac Agent Requirement type Audit

    Hi experts,
    i can configure a requirement type as audit (opposed to mandatory or optional), so the client will still access the network, the user will not be notified, and the information will be sent to the cas.
    It is possibile to generate an email or similar automated process to notify administrators on these audits?
    (version in use 4.7.2)
    Thanks
    Andrea

    Hi Andrea,
    In 4.7.2 there wasn't much you could do within the CAM itself - really you could just export them from the GUI into a spreadsheet and analyze based on that.
    The CAM does have an API however that would allow you to export reports via scripting interfaces and give you all that information which you could then manipulate. You can access the CAM API documentation by browsing to:
    https:///admin/api/cisco_api_doc.jsp
    (The "getreports" function is likely what you would want to look into).
    In version 4.8 and later there was a new "Reporting" section of the GUI that you can see more details about passed and failed requirements:
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_report.html#wp1495842
    Thanks,
    Nate

  • Script Error - Cisco NAC Agent

    I have no idea why this program stopped working. The attached files shows just exactly what's happening.
    This program originally worked perfectly fine, and i've only recently have had these errors pop up.
    I've also reinstalled, and tried to repair it during the installation process, but these problems still arised.
    Does anyone know how to fix it?

    Hi Kyle,
    I have seen these errors sometimes when a DLL file is missing or not registered properly. Can you run a tool like Process Monitor or Process Explorer from Microsoft Sysinternals and load the agent and when the error messages pop up see if there are any errors in the DLLs the agent is trying to access?
    Also the Microsoft event viewer logs may show some additional information as well.
    Thanks,
    Nate

  • Cisco ISE NAC agent and Microsoft roaming profiles

    Hi there,
    I have installed Identity services engine version 1.1.3 in didstributed mode. The NAC agent is installed on the end user PC joined to the domain. when a user with a roaming profile logs into the PC, the NAC agent fails to run posture assesment, but if a user with non-roaming profile logs in, the NAC agent does posture and full network access is granted.
    Is there something i need to do to enable the NAC agent to perform posture for users with a roaming profile.
    Regards,
    Henry

    Hello,
    I found the following from the cicso doc. Hope it helps!
    The following failure  scenarios might cause the Cisco NAC Agent to appear following successful  user authentication when the client machine roams between CASs in Layer  3 (both In-Band and Out-of-Band) and Layer 2 /Layer 3 Out-of-Band  environments. Erroneous Agent login dialogs could also appear if users  roam from the Cisco NAC Appliance network in Layer 3 mode to a non-NAC  network:
    –ARP poisoning
    –Temporary loss of network connection between the client machine and the CAS
    –Access to untrusted interface IP address on the CAS from non-NAC network segments on NAC-enabled client machines
    Cisco offers the following recommendations to prevent this situation:
    –Ensure  all trusted networks (post-authentication) can reach the CAS untrusted  interface IP address through the CAS trusted interface only
    –Block  discovery packets from all non-NAC networks to the CAS untrusted  interface IP address (discovery packets that arrive on the trusted  interface of the CAS are blocked by default)
    For more information please refer to the following link:
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_agntd.html

  • NAC agent failing to popup

                       Dears,
    I have two ISE appliances installed in a distributed deployment (primary "ISE1" and secondary "ISE2"), each node has the three personas installed on it. The servers are registered together and the replication is working properly between the nodes.
    When we are working on the first node everything is fine, if I try to disconnect ISE1 and do my tests on ISE2, the cisco NAC agent doesn't popup, unless I uninstall it and reinstall it again from the ISE2. Then it will work properly.
    Note: the NAC agent version is the following: nacagent-4.9.0.37.
    Any idea?
    Regards
    Zahi

    Hi Tarik,
    below are my answers:
    1- The content of the dACL:
    ip access-list extended POSTURE-REMEDIATION
    permit udp any any eq domain
    permit ip any host 10.10.10.125         >>>> antivirus server
    permit ip any 10.10.240.0 0.0.0.255   >>>> voice subnet
    permit ip any 10.10.31.0 0.0.0.255    >>>> quarantine vlan subnet
    permit ip any host 10.10.10.238        >>>> ip add of ISE1
    permit ip any host 10.10.10.239        >>>> ip add of ISE2
    permit ip any host 10.10.10.206        >>>> wsus server
    permit ip any host 10.10.10.10          >>>> domain 1
    permit ip any host 10.10.10.100          >>>> domain 2
    2- When I open a web browser, yes I get redirected to the nac agent download page
    3- outputs of the show authentication session interface fast 0/12, when the agent pops up with ISE1:
    sw#sho authentication sessions int fast 0/12
                Interface:  FastEthernet0/12
              MAC Address:  b8ac.6fc9.b26f
               IP Address:  10.10.31.2
                User-Name:  RJ\15592
                   Status:  Authz Success
                   Domain:  DATA
          Security Policy:  Should Secure
          Security Status:  Unsecure
           Oper host mode:  single-host
         Oper control dir:  both
            Authorized By:  Authentication Server
              Vlan Policy:  31
                  ACS ACL:  xACSACLx-IP-POSTURE-REMEDIATION-4fe82900
         URL Redirect ACL:  ACL-POSTURE-REDIRECT
             URL Redirect:  https://RJ-ISE-1.rj.com:8443/guestportal/gateway?session
    Id=0A0A0C86000000186ADBBD8B&action=cpp
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0A0A0C86000000186ADBBD8B
          Acct Session ID:  0x00000023
                   Handle:  0x31000018
    Runnable methods list:
           Method   State
           dot1x    Authc Success
           mab      Not run
    sw#sho authentication sessions int fast 0/12
                Interface:  FastEthernet0/12
              MAC Address:  b8ac.6fc9.b26f
               IP Address:  10.10.30.12
                User-Name:  RJ\15592
                   Status:  Authz Success
                   Domain:  DATA
          Security Policy:  Should Secure
          Security Status:  Unsecure
           Oper host mode:  single-host
         Oper control dir:  both
            Authorized By:  Authentication Server
              Vlan Policy:  30
                  ACS ACL:  xACSACLx-IP-PERMIT_ALL_TRAFFIC-4f57e406
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0A0A0C86000000186ADBBD8B
          Acct Session ID:  0x00000023
                   Handle:  0x31000018
    Runnable methods list:
           Method   State
           dot1x    Authc Success
           mab      Not run
    outputs of the show authentication session interface fast 0/12, when the agent pops up with ISE2:
    sw#sho auth sessions int fast 0/12
                Interface:  FastEthernet0/12
              MAC Address:  0025.6458.8409
               IP Address:  10.10.31.8
                User-Name:  RJ\15946
                   Status:  Authz Success
                   Domain:  DATA
          Security Policy:  Should Secure
          Security Status:  Unsecure
           Oper host mode:  single-host
         Oper control dir:  both
            Authorized By:  Authentication Server
              Vlan Policy:  31
                  ACS ACL:  xACSACLx-IP-POSTURE-REMEDIATION-4fe82900
         URL Redirect ACL:  ACL-POSTURE-REDIRECT
             URL Redirect:  https://RJ-ISE-2.rj.com:8443/guestportal/gateway?session
    Id=0A0A0C86000000206AF3FAC1&action=cpp
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0A0A0C86000000206AF3FAC1
          Acct Session ID:  0x0000002B
                   Handle:  0x2C000020
    Runnable methods list:
           Method   State
           dot1x    Authc Success
           mab      Not run
    you may find attached also the pcap file of the client machine when it is authenticating with the ISE2.
    Thank you in advance
    Zahi
    Message was edited by: ZAHI BOU KHALIL

Maybe you are looking for