Mike, Thanks for information. So if I understood what you said all I need are two rules to do what I want:
Rule 1: Check and see if they have ANY of the 79 AV products are installed Rule 2. Check and see if the supported AV product is up to date Does that seem correct to you? The documentation I am finding on Cisco's site doesn't seem very up to date and is a bit confusing. Have you seen anything out there that might help me get started?? Thanks, Pete -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Mike Diggins Sent: Tuesday, September 08, 2009 10:34 AM To: [email protected] Subject: Re: AntiVirus Enforcement On Tue, 8 Sep 2009, Pete Boynton wrote: > Hello, > > I am getting ready to deploy a CAS in-band for VPN users coming into our > network. I had a few questions about antivirus that I can't seem to get > answered searching Google. > > > 1. Can I create a requirement that will check to see if clients have > ANY of the 79 antivirus supported installed and up to date? Or > > > 2. Do I need to create separate requirements for all 79 antivirus > products? Short answer but NO, you can use one rule to allow any of the supported AV products. You can also configure a single rule that only allows the AV product to be out-of-date by a configurable number of days. > 3. Most of my clients use AVG. How is support for AVG and NAC? The latest Agents support all current versions of AVG. It does take Cisco time to catch up to new releases though. That goes for most of the AV products. Usually an Agent update is required. -Mike
