Hi Brad,

As for your question: *"How do you all handle new AV products coming into your environment?"*
Below is our approach to AV/AS within our NAC environment.

[Excerpt starts]

*Requirements:* <https://web01.usfca.edu:8080/portal/app/portlets/results/viewsolution.jsp?solutionid=041127717404332&isGuest=true#Requirements>

To pass the Network Admission Control requirement in the ResHalls and access the campus network, all Windows computers must have the Cisco NAC Agent installed and meet the following conditions:

1. *Automatic Updates* enabled and set to 'Download and prompt...'
   - *TIP: if your machine is not kept up-to-date you will not pass NAC.*
   - All Windows Critical Updates, including Service Pack 3 for Windows XP, Windows 7 Service Pack 1, or Vista Service Pack 2, etc. must be installed. *Click here for more details* <https://web01.usfca.edu:8080/portal/app/portlets/results/viewsolution.jsp?solutionid=041020819075425&isGuest=true&SToken=D6039B5F0B038C0A9093C1D2BDCBD167>.
2. *Up-to-date anti-virus software* with current virus definitions.
   - *NOTE: If you aren't currently using a supported AV/AS, or you don't already use anti-virus and spyware protection with a current subscription, USF provides a free copy of Sophos Anti-Virus. In addition to protecting against viruses, Sophos provides a basic level of protection against spyware and adware.*
   - To download *Sophos AV*, click link for Installation files and instructions <http://antivirus.usfca.edu/>
   - (You need to log in to this page with your USFconnect username and password.)
   - *For a list of supported Cisco NAC Anti-Virus (AV) software click here* <https://web01.usfca.edu:8080/portal/app/portlets/results/viewsolution.jsp?solutionid=041127919254511&isGuest=true&SToken=810F279912A8491E8121748096907D57>.

[Excerpt ends]

Full public solution here: https://web01.usfca.edu:8080/portal/app/portlets/results/viewsolution.jsp?solutionid=041127717404332&isGuest=true

Sincerely,
-Nick

On Tue, May 22, 2012 at 7:32 AM, Dan Taube <[email protected]> wrote:

> Hello Brad,
>
> It is not exactly a situation of the anti-virus products taking NAC into account, but rather that a third-party (OPSWAT - http://www.opswat.com/products/oesis-framework/supported-applications?type=antivirus) is not up-to-date with the latest version. Cisco utilizes OPSWAT in their compliance module of NAC and so support is reliant on OPSWAT being updated. I believe there is a set timeline before support is added, but I cannot find my documentation that indicates such.
>
> Therefore, the option is to make one-off checks and rules to account for latest version when they are not supported.
>
> In terms of Security Center, I remember looking into it once for an in-house application and the latest versions of it prevent "unauthorized" access. It seemed that one would have to be certified to interact with Security Center in order to prevent malware from having access to it.
>
> Dan
> --
> Dan Taube
> Associate IT Support
> Computer Infrastructure Support
> Illinois State University
> 309.438.4357 [support]
> 309.438.8985 [direct]
>
> On 5/22/12 8:54 AM, Terhune, Bradley N (Brad) wrote:
>
> > Good morning list!
> >
> > A while back I sent out a memo asking if anyone knew if Cisco NAC could check the Windows Security Center for compliance for AV and AV defs. Does anyone have any ideas - any registry key to check against?
> > We were able to get Security Essentials 4.0 working with a registry workaround.
> >
> > How do you all handle new AV products coming into your environment? These AV products don’t seem to take the Cisco NAC into account. Some current examples are Kaspersky 2012, AVG 2012, and Security Essentials 4.0.
> >
> > Our server is at 4.8 and so are our clients. Are we doing something wrong? Are you all able to handle this better?
> >
> > These seem like valid products. I hate that we have to tell them to go get something else.
> >
> > Thanks for any advice you might have.
> >
> > Brad Terhune
> > [email protected]
> > UTHSC ITS

--
Nicholas Recchia, Ed.D.
*Security Administrator*
ITS - Security Services
infosec.usfca.edu
*University of San Francisco*
Lone Mountain North - 236a
2130 Fulton Street
San Francisco, CA 94117
*ITS Help Desk,* *Phone: 415-422-6668, E-mail: [email protected]*
Fax: 415-422-6719
