Antivirus scan with nessus plugins on cisco nac

Hello,
We plan to use Nessus plugins with Cisco NAC.
For some users, the computer should have any antivirus installed and updated before it can access the network.
For other users, the computer should have McAfee antivirus installed and updated.
We tried to use plugin IDs 16193 for the 1st check and 12107 for the 2nd check.
We'd like to know if we need to configure credentials under scan option on each computer to check.
If so, how do we do this if it's a guest's computer and we don't have credentials?
For test, a credential was configured (under scan option) for the computers.
We chose "vulnerable if hole, warning, info".
We tried to authenticate from a computer that has no antivirus installed, and from another computer that has McAfee installed but outdated.
We always get "no vulnerability detected", but when we launch test, it reports McAfee installed but outdated for the 2nd PC, and no information for the 1st PC.
We tried to check if the FTP service is running on the computer and it works fine.
We get a notification on the user's computer for FTP and the client is not allowed to access the network, but none for antivirus (either McAfee or any antivirus).
- How do we do this if we need users to be notified when there's no antivirus installed on their computer or when it is outdated?
Any advice is extremely appreciated.

You must download and install the appropriate Nessus for your PC.
After you download the latest plugins from the Nessus site, in the directory (for a Windows install) c:/Program Files/Tenable/Nessus/Plugins you will have a "plugin.tar.gz" file. You must rename or copy this to "plugins.tar.gz".
Next, in the NAC Manager console, under CLEAN ACCESS -> NETWORK SCANNER -> Plugin Updates, browse to the same folder and pick the "plugins.tar.gz" file. It MUST be named exactly as shown - with the S - to work. Perform the UPLOAD. When finished, navigate over to the Scan Setup tab and select All in the Show ___ Plugins dropdown. You should have around 20,000 of them.
HTH.
Jim

Similar Messages

  • Question about cisco nac agent

    When I deploy a Cisco NAC appliance, what is the main difference between using the Cisco NAC appliance with or without the agent? I see the Cisco NAC agent has two functions: scan and remediation. If the Cisco NAC appliance is used without the agent, the Cisco NAC server will do the device scan and remediation. Is that right?
    Please answer me early. Thank you for your answer.

    Sorry, I believe daldden is correct, without the agent you can still scan using the built-in Nessus scanner.
    We don't use the Nessus scanner, but these are some things to consider if you use the scanner. These are from memory though so anyone who actively uses the scanner may be able to give more up to date or complete info:
    1) You have to decide which vulnerabilities you want to scan for.
    2) The more plug-ins you enable, the longer (obviously) the scan takes.
    3) There are configuration steps for many of the plug-ins
    4) Your users will still need to go to a login page in order to be scanned.
    5) You have to configure the remediation information (URL, steps, etc) for each plug-in you enable.
    From our view point, the only reason we would enable the scanner is if we were looking for a specific vulnerability, perhaps a new threat that didn't yet have a patch. If it had a patch, we would watch for the patch using the agent (installed or web based).
    It was much easier for us to use the agent, to scan their system and make sure that the MS critical hot fixes were installed and/or an AV system was installed and up to date. As mentioned, if there is a patch for a vulnerability, you can use the agent to make sure that specific hot fix is installed.
    Remember that there is also a web agent. The web agent is an ActiveX or Java (you pick which one you want to use) applet that is loaded onto the person's machine, the system scanned, then the applet is unloaded.
    Of course, the agent is only for MSoft (with some MAC options), so if you have Linux systems, the Nessus scanner would be your only option.

  • Cisco Nac agent "List of Antivirus & Anti-Spyware Products Detected by the Agent "

    Hi All,
    We have posture assessment working with the Cisco NAC agent, checking only Symantec Antivirus definition update and installation. Windows Defender is on all the user PCs, but turned off and not in use. But the Cisco NAC agent is showing both Windows Defender and Symantec in the "List of Antivirus & Anti-Spyware Products Detected by the Agent" field. We don't want Windows Defender to show in this list.
    Has anyone encountered this list before? Please suggest. I want to get rid of Windows Defender from this list in the NAC agent.

    Closest enhancement I could check on this is
    CSCts34764    NAC: Request for ANY rule to pass if 1 AS/AV definition is up to date
    Currently Windows Defender AntiSpyware comes installed on all Windows 7 machines. Many users disable this and install their own AntiSpyware product. Currently when using the ANY AntiSpyware up to date rule, it will fail if say MSE is up to date but not Windows Defender (since it is disabled).
    This is an enhancement request to add the ability to pass the ANY check if 1 AntiSpyware or AntiVirus definition is up to date but another is installed and out of date.  Currently if a customer wants to accomplish this they need to create a rule for every AntiVirus or AntiSpyware product and use the "Any Selected Rule Succeeds" option which is very cumbersome to configure.
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • Antivirus issue with NAC

    Hello,
    I am currently using a Microworld Escan antivirus corporate edition 8.0 antivirus server integrated with NAC in the network. I am planning to upgrade the antivirus server from Corporate edition 8.0 to Corporate edition 11.0. As per the Cisco document, Cisco NAC currently supports Escan Corporate for Windows version 8.x only, which means version 11.x is not supported. I want to know whether Cisco will include support for Escan corporate edition 11.x with NAC, even in future.
    waiting for reply!!!!!!!!!!!!!!!
    regards !!!!!!!!!

    Hello,
    Here are the links to the Windows and MacOS supported AV/AS on NAC 4.8.2:
    http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/48/WinAV-AS-vers86.pdf
    http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/48/MacOSXAV-AS-ver9.pdf
    Regards.

  • Cisco NAC Agent 4.9.1.682 Problems with Mac Os X 10.7.4

    Hi
    My Cisco NAC Agent (version 4.9.1.682) hasn't worked since I upgraded my Mac OS X 4 months ago. This happens every time with Cisco and Mac when there is a new update, and it always seems to take forever to fix.
    The NAC agent just keeps asking for my login details even though they are correct (I can log in with a PC no problem).
    Any update on when a new version is going to be released? It's getting really frustrating.

    I figured out a solution that works: you must disable Online Certificate Status Protocol (OCSP) on the affected system. To do this:
        Open Keychain Access. Keychain Access can be found by selecting Go in the Finder and choosing the Utilities option. Keychain access should be listed in the folder that appears. Double-click the Keychain Access icon to open it.
        Select Keychain Access -> Preferences from the menu at the top of the screen
        Choose the Certificates tab
        Change the OCSP option from Best Effort to Off
        Close the Preferences dialog and quit Keychain Access
        You should be able to NAC now

  • Error with GPOs on Cisco NAC

    I have Cisco NAC deployed inband; all PCs had the CCA Agent deployed via a GPO before the migration. Now that all the systems are behind NAC inband, none of the systems will process GPOs, machine or user policies. I have the unauthenticated role allowing all traffic to all the domain controllers, but with no luck. If I move the PC to a VLAN that is not trunked to the CAS, the GPOs process with no problem. Any ideas...?

    I think the ports list in the CAS Manual is not complete. Try this list of ports from the CAM Manual chapter: User Management: Traffic Control, Bandwidth, Schedule
    Allow TCP *:* Server/255.255.255.255: 88
    Allow UDP *:* Server/255.255.255.255: 88
    Allow TCP *:* Server/255.255.255.255: 389
    Allow UDP *:* Server/255.255.255.255: 389
    Allow TCP *:* Server/255.255.255.255: 445
    Allow UDP *:* Server/255.255.255.255: 445
    Allow TCP *:* Server/255.255.255.255: 135
    Allow UDP *:* Server/255.255.255.255: 135
    Allow TCP *:* Server/255.255.255.255: 3268
    Allow UDP *:* Server/255.255.255.255: 3268
    Allow TCP *:* Server/255.255.255.255: 139
    Allow TCP *:* Server/255.255.255.255: 1025

  • CISCO NAC deployment with ASA for internal servers (DMZ)

    We deployed a Cisco ASA for our clients' access to DMZ servers a few months ago. Now we want to integrate the Cisco NAC solution without removing the ASA from the infrastructure. What would be the best deployment mode for Cisco NAC so that clients can also pass through the Cisco ASA access list for filtering before reaching the DMZ servers?
    What gateway will clients use? Please help.
    Should I use Virtual Gateway or Real Gateway for NAC? Clients should first come to NAC (CAS) and then go through the ASA to reach the DMZ servers.

    Hello,
    This should work. Please review the attached PDF for more clarity on this topic: https://supportforums.cisco.com/docs/DOC-9102
    HTH,
    Faisal

  • NAC and nessus plugin

    Hi
    On 4.1.3.2 and went to
    http://www.nessus.org/download/index.php
    and download
    nessus-plugins-2.2.11.tar.gz (7468 KB)
    nessus-plugins-GPL-2.2.11.tar.gz (1071 KB)
    renamed the 1st one to "plugins.tar.gz" and was able to upload the plugin successfully but when I try to apply plugins by selecting "-All-" nothing shows up. I delete the plugins and upload again - same problem. I restart by CAM and CAS and still a problem
    How do I get the plugins to show up?

    Hi,
    I don't know where you got those files, but this is what I did:
    Registered myself here:
    http://www.nessus.org/plugins/index.php?view=register
    In the mail received as a response, clicked:
    http://plugins.nessus.org/manual-register.php
    which lets you download all plugins (file all-2.0.tar.gz). That unfortunately can't be uploaded into CAM as is because it's larger than the max. upload limit. You have to extract it, split it into parts smaller than 10MB and compress again to plugins.tar.gz (7zip can be used for this).
    After that, you can upload/import the 2 files produced into CAM and it should work ... it worked for me ;)
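The repackaging step described in the reply above (extract, split into parts below the upload limit, compress again), as an added example that is not part of the original post. It assumes the plugins are already extracted to a directory, writes each part as `plugins.tar.gz` in its own `partNN` folder (an assumed layout, chosen because the upload expects that file name), and keeps member paths relative to the extraction directory; all function names are this example's own.

```python
import io
import tarfile
from pathlib import Path

UPLOAD_LIMIT = 10 * 1024 * 1024  # "smaller than 10MB", as stated in the post


def build_archive(files, root):
    """Return the bytes of a gzip-compressed tar holding `files`."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path in files:
            # Assumption: member names stay relative to the extraction directory.
            tar.add(str(path), arcname=path.relative_to(root).as_posix())
    return buf.getvalue()


def partition(files, root, limit):
    """Bisect the file list until every compressed archive is below `limit`."""
    blob = build_archive(files, root)
    if len(blob) < limit:
        return [blob]
    if len(files) == 1:
        raise ValueError(f"{files[0]} alone exceeds the {limit}-byte limit")
    mid = len(files) // 2
    return partition(files[:mid], root, limit) + partition(files[mid:], root, limit)


def split_plugins(src_dir, out_dir, limit=UPLOAD_LIMIT):
    """Write out_dir/partNN/plugins.tar.gz files, each below `limit` bytes."""
    root = Path(src_dir)
    files = sorted(p for p in root.rglob("*") if p.is_file())
    if not files:
        raise ValueError(f"no plugin files found under {root}")
    written = []
    for n, blob in enumerate(partition(files, root, limit), start=1):
        part = Path(out_dir) / f"part{n:02d}" / "plugins.tar.gz"
        part.parent.mkdir(parents=True, exist_ok=True)
        part.write_bytes(blob)
        written.append(part)
    return written


def members(archive):
    """List the regular files stored in one produced archive."""
    with tarfile.open(archive, mode="r:gz") as tar:
        return sorted(m.name for m in tar.getmembers() if m.isfile())


if __name__ == "__main__":
    import os
    import tempfile

    # Constructed sample input: six incompressible stand-in plugin files and a
    # scaled-down 10 KB limit, so the split is visible without a real plugin feed.
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "extracted"
        src.mkdir()
        for i in range(6):
            (src / f"constructed_{i}.nasl").write_bytes(os.urandom(4096))
        for part in split_plugins(src, Path(tmp) / "out", limit=10 * 1024):
            print(part.parent.name, part.stat().st_size, members(part))
```

Checking the size of the compressed archive, rather than the sum of the input file sizes, is what guarantees each part stays under the limit the CAM enforces on upload.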

  • Nessus plugin not shown after uploading

    Hi all,
    I have uploaded Nessus plugins (chunk of 26 MB) but after that I need to see all these plugins, but "scan setup" doesn't show any plugin ... I deleted and uploaded again as per the Cisco document.

    Cisco NAC supports the Nessus 2.x plugins. The current plugin is only 16MB. Confirm you have 2.x.

  • Cisco NAC: AV Definition Update Scenario !!!

    Hi,
    I just want to brainstorm this scenario for checking the AV definition rule & requirement !!!
    I am using Cisco NAC (4.8.2.3).... NAC updates are working fine and configured.
    My customer is using Trend Micro OfficeScan AV (Ver = 10.5). I have configured the AV installation rule & requirement & mapped it to the role. I wanted to check for AV definitions older than 15 days. The configuration seems to be working fine.
    But the issue is that the Cisco NAC Agent is showing the "Installed" definition date, which is different for each user. The date shown is the one when the AV was installed for the user. So the users are failing to fulfil the requirement of virus definitions no older than 15 days. When I change the 15 days to e.g. 150 days to let the users fulfil the requirement, then it works fine.
    The AV console is showing the right date in its software. I also found some registry keys which keep updating & showing the latest date for the AV definition. I can use them, but then it would need the administrator to change it manually every 15 days. But I want to keep it automatic.
    How can we change the Cisco NAC agent to check the specified registry key???
    Please advise..
    BR,
    Mubasher Sultan

    Yes, correct... Manual update of the antivirus when the PC is in quarantine state is working... it updates, but the NAC agent is still not triggering the antivirus update.
    OK, thanks Nicolas, I think I have to open a TAC case for this issue.
    One more thing, does it have anything to do with av-posture-pack-win-3.4.16.1.tar.gz ??
    Should I update this module ???

  • Cisco NAC technical information

    Hello everyone,
    So I've been looking through the Cisco website trying to get information about Cisco NAC (at the request of my boss, the IT team leader). Unfortunately, all the information about NAC on this website is geared towards supervisors and purchasing authorities; I haven't been able to find any sort of real technical data, just a bunch of sales mumbo-jumbo. I know a lot about what it can do, but nothing about how it does it.
    I would like to know how this system would interact with my network. I'm newly in charge of an almost pure Cisco network consisting of a couple dozen Catalyst 2950 switches and 3 Catalyst 3750 stacks in various positions throughout the network.
    Our network uses a star-topology, meaning all the switches tend to radiate from the central Layer 3 switches (the 3750s), meaning we don't, at the moment, have any sort of redundancy like in the Cisco-recommended Core-Distribution-Access topology. We want to get to that point sometime in the future.
    Anyways, I'd like to know how I can integrate Cisco NAC into my existing network. How would it connect and where? How does it regulate access? Do all computers require some kind of client to be installed? How does it regulate VLANs (of which we have about 50)?
    Like I said, we want to basically overhaul our network sometime in the future, but I'm not really counting on it happening soon, so I'd like to know how NAC would be implemented in our current network so that we may be able to enjoy some of those benefits right away.

    My explanations / answers are not authoritative but should provide some general idea about things you could accomplish with this product.
    1.) Since you are basically all Cisco you will probably use an out-of-band solution. This allows the NAC to "manage" your switch ports. As the sales literature suggests it's about mapping users/ips/macs to roles and allowing access based on the role. Example would be new device plugs in to a perm switch. You require that all machines have AV, New Defs, and Latest Updates. The client would use the agent to validate it has met these requirements. If not the agent may recommend (at your pref) how to meet the given requirement - I personally like the idea of providing links to pages where they can find information on fixing the issue. Once the 3 requirements are met you allow the system access to your network on a given vlan in a specific role.
    2.) Again, because your switches are all Cisco you have many options. Primarily in-band vs out-of-band. I have very little doubt you would choose out-of-band with the description of your topology given above.
    3.) Connection would be 2 ports on your 3750 stack.
    4.) It regulates traffic by performing requirements checks and by mapping machines to a given role. That role is allowed to do certain activities on your network. I kind of think of role management like a firewall of sorts. Once you are authenticated to a given role you are allowed to do things like surf the internet or ftp to an internal server. Each role could be given different access ability.
    5.) Technically no machines "require" a client to be installed. You can use a combination of web login with scanning and / or Cisco agent installations. For Linux machines no agent is currently available to my knowledge. For Macs and PCs the agent (once installed) seems to make access simpler.
    6.) Vlan regulation depends on the type of install you choose. For example you may map vlans.
    Hope that helps.
    Greg W.

  • Cisco NAC Server

    Hello! Help me please!
    I'm performing an installation of Cisco NAC Server 3315 ver. 4.8(2), but after that I can't connect to the server by https - HTTP 403 Forbidden. And I can connect to the NAC Server by ssh.
    What could be the reason?

    While rebooting , i am getting this:
    Starting nc_drivers:  /dev/nfastpci0
    [  OK  ]
    Starting nc_hardserver:  waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    nCipher server did not start; see /opt/nfast/log/hardserver.log
    [FAILED]
    Starting sshd:WARNING: initlog is deprecated and will be removed in a future release
    key_load_private_pem: RSA_blinding_on failed
    Could not load host key: /root/.perfigo/sec/tomcat.key
    Disabling protocol version 2. Could not load host key
    sshd: no hostkeys available -- exiting.
    [FAILED]
    Starting xinetd: [  OK  ]
    Starting console mouse services: [  OK  ]
    Starting nessusd: Loading the Nessus plugins...
    All plugins loaded                                  
    [  OK  ]
    Starting crond: [  OK  ]
    Starting anacron: [  OK  ]
    Starting atd: [  OK  ]
    Starting jexec:  Starting jexec services[  OK  ]
    Starting Ncipher services
    -- Running startup script 45drivers
    -- Running startup script 46exard
    -- Running startup script 50hardserver
    waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    nCipher server did not start; see /opt/nfast/log/hardserver.log
    Starting perfigo:  click: starting router thread pid 2092 (f7b7d340)
    Failed execute command : CONNECTFORCE, Error : Connection refused
    BaseAgent process reconnecting...
    Failed execute command : ACTIVE, Error : Connection refused
    BaseAgent executes [ACTIVE] ...
    Link Detect Manager only operates when HA is enabled.
    NFastApp_Connect failed: ServerNotRunning
    And then in the hardserver log I am getting nCipher card not in operational mode. Please change the settings on the card.
    How to resolve the issue.
    Thanks
    Shalvi Yadav

  • Cannot scan with HP LaserJet M1005 MFP

    I updated to Snow Leopard 10.6.3 yesterday. Big mistake as I cannot now scan with my HP LaserJet M1005 MFP. I have been unable to find a solution here or via Google. Does anyone know if this is possible? I realize this device has never been "Mac friendly" (one might even say, not compatible.... despite HP's over-generous claims), but I would have thought there would be a new driver for SL by now.
    If not, could anyone recommend a non-HP scanner (not MFP) that works well with SL?
    thanks!

    Hi @3Digit ,
    I see that you are having issues scanning, there isn't any scanning software in the HP folder. I would like to help you out today.
    Open the HP Scan window with one of the following methods:
    Double-click the HP Scan icon for your printer on the Windows desktop.
    Click the Windows icon, click All Programs, click the HP folder, click the name of your printer, and then click HP Scan.
    If you are missing the HP Scan software altogether, then the full software didn't install on the computer.
    If that is the case, uninstall and reinstall the printer software. Here is the link for the newest drivers. Software & Drivers.
    First do these steps, before installing the software, just to make sure it fully installs.
    I would disable all the start up programs and temporarily turn off the Antivirus Software and any Real Time Scanning in the Antivirus Software also, to see if that is causing the issue. How to use MSCONFIG . Click on the Startup tab and click Disable all, Then click the Services tab and check Hide All Microsoft Services.
    I have provided a document for how to scan. It is for Windows 7, but the steps will also work for Windows Vista.
    Scan from Windows 7 With the Full Feature HP Software for HP LaserJet Multifunction Printers
    How is the printer connected? (USB/Ethernet/Wireless)
    If you need further assistance, just let me know.
    Have a nice day!
    Thank You.
    Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
    Click the “Kudos Thumbs Up" on the right to say “Thanks” for helping!
    Gemini02
    I work on behalf of HP

  • Cisco NAC server hang issue

    Hi All Cisco NAC Experts, I am currently experiencing a Cisco NAC NAC3315-SVR hang issue.
    The issue has already happened a few times on the same server, and the symptoms when the NAC server hung include no response to ICMP ping, no response to SSH requests, no response to access requests to the CAS management page via HTTPS, and the HA pair being detected as down by its HA neighbor, which triggered failover to the secondary CAS.
    The CAS server recovered after manually power cycling the hardware.
    After going through the attached CAS logs, I found that all the services and the logging service were stopped when the issue happened, but unfortunately no suspicious activity was logged before or during the issue.
    I have also tried to search the Cisco Bug Toolkit but no similar case was found. I believe it was not caused by a software bug, because software version 4.8.1 has been running in my company for years and only one CAS server has the issue.
    It would be great if anyone can help me out with this.
    Thanks,
    Eric

    Hi Bro
    This could be a problem with the certificate in that Cisco NAC appliance itself. My suggestion is to redo the certificate generation between the CAS, CAM and CA Server. If this still doesn't work, it could also be due to overload/broadcast storm on the LAN portion. This can be verified via Wireshark.
    If all else fails, then a hardware swap would seem like the next best thing.

  • Cisco NAC Web Agent + Windows 8

    Hello,
    I'm implementing Cisco ISE 1.2 and I am having trouble with NAC Web Agent and Windows 8 compatibility.
    Every time I try to install NAC Web Agent on Windows 8, I get the message "Agent User Operating System is Not Supported".
    Following is some information about my environment:
    ISE 1.2 Patch 3
    OS: Windows 8 Enterprise
    IE: 10 (In Desktop Mode w and w/o Compatibility View)
    NAC Web Agent: 4.9.0.1007
    Could you help me?
    Best Regards,
    Daniel Stefani

    Hi Charles,
    I can download all these files, but I can't import them in ISE Resources.
    NAC Agent MST files
    nacagentsetup-mst-4.9.3.9.zip
    NAC Agent MSI Installation file
    nacagentsetup-win-4.9.3.9.msi
    NAC Agent Installation Package
    nacagentsetup-win-4.9.3.9.tar.gz
    Mac Agent Installation Package for MacOSX
    CCAAgentMacOSX-4.9.3.803.tar.gz
    NAC Agent MST files
    nacagentsetup-mst-4.9.3.5.zip
    NAC Agent MSI Installation file
    nacagentsetup-win-4.9.3.5.msi
    NAC Agent Installation Package
    nacagentsetup-win-4.9.3.5.tar.gz
    The link that you sent me doesn't have options for Cisco NAC Web Agent.
    But the following one does…
    http://software.cisco.com/download/release.html?mdfid=283801620&flowid=26081&softwareid=283802505&release=1.2&relind=AVAILABLE&rellifecycle=&reltype=latest
    Best Regards,
    Daniel Stefani
