We use Sophos AV which CCA monitors by date, not version. I've found that students can be improperly flagged for lagging updates if their local system date and time are incorrect. Usually it's computers that have the time right (the clock is visible and annoys them when it's wrong, so they fix it) but the date is wrong.
-Anne -- Anne B. Pender Computing Support Analyst, Student Services Information Technology Services, Davidson College [EMAIL PROTECTED] From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Chris T. Healey Sent: Wednesday, September 24, 2008 9:25 AM To: [email protected] Subject: Re: Extremely Strange AV Issue - HELP Sorry - The student is running Windows XP - I am not sure of the service pack version. The only firewall that I could find was the Windows firewall and it is active and working (passing my CCA Firewall requirement). In a line by line search through the results of a report filter (all failing the AV results and running Windows XP) I have uncovered a couple more students with this problem - here are two that show that they have acceptable definitions: Student1 Product ID: EsetAV Product Name: NOD32 antivirus system Product Version: 2.70.16 Virus Definition File Version: 3458 (20080921) Virus Definition File Date: 9/21/2008 Student2 Product ID: GrisoftAV Product Name: AVG 7.5 Product Version: 7.5.516 Virus Definition File Version: 270.7.1 Virus Definition File Date: 9/23/2008 6:32:00 PM Thanks Chris ___________________________________ Chris Healey Capital University Office of Information Technology 1 College and Main Columbus, OH 43209-2394 614-236-6964 Email: [EMAIL PROTECTED] ___________________________________ "We are what we repeatedly do. Excellence, then, is not an act, but a habit." -Aristotle ___________________________________ ________________________________ From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Paul Sedy Sent: Tuesday, September 23, 2008 5:01 PM To: [email protected] Subject: Re: Extremely Strange AV Issue - HELP Chris, Just out of curiosity, is this running Windows XP or Vista? What service pack is it running? R. Paul Sedy, MCSE Network Manager Computer Services The Master's College [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> 661.362.2340 From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Chris T. Healey Sent: Tuesday, September 23, 2008 1:10 PM To: [email protected] Subject: Extremely Strange AV Issue - HELP Ok I am going to try the group before TAC as this is an extremely strange problem. I have a requirement for all groups called AVSignaturesCurrent-ForAll it has worked fine for a year or so and as its name implies it is for all users to see if their AV signatures are current (by current I mean no older than 14 days from the latest file date). The problem is that I have one student whose laptop running CCA agent 4.1.3.0 (and now 4.1.3.1) fails that check yet her definition files are dated properly. Everything was fine one day and then the next login it was not yet the signature files were unchanged and less than 14 days old. The 11th all was well: Client AV Info Product ID: NortonAV Product Name: Symantec AntiVirus Product Version: 10.1.5.5000 Virus Definition File Version: 9/5/2008 rev. 6 Virus Definition File Date: 9/5/2008 The next day, the 12th, this failed and it should have been OK until the 19th. I have worked on this quite a bit and after my help desk elevated it to me being just as stumped. I have several test that should result in would be valid AV dated signatures yet they are marked as failed. I have uninstalled the CCA Agent and reinstalled, even with an older 3.x version to then let it upgrade. I uninstalled the Symantec and reinstalled and even once did not let it update so that the server will see the 2006 signature files that are on the install CD: Client AV Info Product ID: NortonAV Product Name: Symantec AntiVirus Product Version: 10.1.5.5000 Virus Definition File Version: 9/8/2006 rev. 41 Virus Definition File Date: 9/8/2006 As expected this failed but when I let it update and the server reported the new signature date . . . it still failed!?!?!? - I even uninstalled and installed AVG 7, let it update and then tried again and no luck: Client AV Info Product ID: GrisoftAV Product Name: AVG 7.5 Product Version: 7.5.516 Virus Definition File Version: 270.7.1 Virus Definition File Date: 9/23/2008 7:38:00 AM What is going on? Has anyone encountered this? Does anyone have any ideas? I am not opposed to changing my rule but I wonder why this one student is the only one? Why are there not more if the problem is the rule? I did an export with text for 100 lines with a filter by that requirement and a failed status and I cannot see anyone else with Symantec and current dated signature files - I will again go through that export again and look at other AV software but if there was a wider problem then I would imagine that I would have more people at the help desk window. Thanks Chris ___________________________________ Chris Healey Capital University Office of Information Technology 1 College and Main Columbus, OH 43209-2394 614-236-6964 Email: [EMAIL PROTECTED] ___________________________________ "We are what we repeatedly do. Excellence, then, is not an act, but a habit." -Aristotle ___________________________________
