At least in our case the problem appears to have been a bad definitions file? The problem cleared itself Friday evening. I had already determined the problem was not related to CCA, Live Update was failing on my personal workstation not controlled by CCA. Changed the file date from 4 days to 0 this morning, working fine. I purposely waited until the next day before opening a TAC case, didn't need to. That's the first time I've seen that...
From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of King, Ronald A. Sent: Monday, September 21, 2009 11:20 AM To: [email protected] Subject: Re: Symantec Definitions We have been having an issue with Live Update access for users to update Norton/Symantec. We set a 7 day grace for AV updates, but, those that do not update automatically will fail the check. When they try to update, it fails even though we have all the update filters have been checked that apply to Norton/Symantec. At the moment, they get temporary full access to update. Client we are using is 4.6 with NAC 4.6.1. Ronald King Security Engineer Norfolk State University Marie V. McDemmond Center for Applied Research Suite 401 700 Park Ave. Norfolk, Virginia 23504 Phone: 757-823-3918 Fax: 757-823-2128 Email: [email protected]<mailto:[email protected]> http://security.nsu.edu From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Speight, Howard Sent: Friday, September 18, 2009 4:58 PM To: [email protected] Subject: Symantec Definitions I'm going to open a TAC case but thought this might be a quicker way to catch an engineer's eye or perhaps this is happening elsewhere? What we are seeing here is Live Update is failing (Symantec has been called as well) with an 1806 Error. The problem is Symantec Endpoint is only updating to def date of 9/17, CCA is listing 9/18 as the most current date, this is also the most current def on Symantec's web site. The temporary fix was to set the "allow definition file to be 4 days older than" the latest file date. This should get us through the weekend. For what it's worth, that's under Device Management > Clean Access > Clean Access Agent > Requirements > Requirement-Rules > Requirement Name "SAV Defs", that's what I called it... CCA 4.1.8 CCA, Agent 4.1.10 Howard
