Nick,

Thank you very much for sharing your information. Where do you pull your list of AV info from? The link near the bottom?

We do the same (pretty much) except we recommend Forefront to our Faculty/Staff, Security Essentials to students on their own equipment, and ClamXAV for Macs. I just wish we did not have to make people uninstall AV software that works fine. Seems like a lot of wasted time.

Later,
Brad

From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Nick Recchia
Sent: Tuesday, May 22, 2012 10:41 AM
To: [email protected]
Subject: Re: Cisco NAC and antivirus support

Hi Brad,

As for your question: "How do you all handle new AV products coming into your environment?" Below is our approach to AV/AS within our NAC environment.

[Excerpt starts]

Requirements: <https://web01.usfca.edu:8080/portal/app/portlets/results/viewsolution.jsp?solutionid=041127717404332&isGuest=true#Requirements>

To pass the Network Admission Control requirement in the ResHalls and access the campus network, all Windows computers must have the Cisco NAC Agent installed and meet the following conditions:

1. Automatic Updates enabled and set to 'Download and prompt...'
   * TIP: if your machine is not kept up-to-date you will not pass NAC.
   * All Windows Critical Updates, including Service Pack 3 for Windows XP, Windows 7 Service Pack 1, or Vista Service Pack 2, etc. must be installed. Click here for more details <https://web01.usfca.edu:8080/portal/app/portlets/results/viewsolution.jsp?solutionid=041020819075425&isGuest=true&SToken=D6039B5F0B038C0A9093C1D2BDCBD167>.
2. Up-to-date anti-virus software with current virus definitions.
   * NOTE: If you aren't currently using a supported AV/AS, or you don't already use anti-virus and spyware protection with a current subscription, USF provides a free copy of Sophos Anti-Virus. In addition to protecting against viruses, Sophos provides a basic level of protection against spyware and adware.
   * To download Sophos AV, click link for Installation files and instructions <http://antivirus.usfca.edu/> - (You need to log in to this page with your USFconnect username and password.)
   * For a list of supported Cisco NAC Anti-Virus (AV) software click here <https://web01.usfca.edu:8080/portal/app/portlets/results/viewsolution.jsp?solutionid=041127919254511&isGuest=true&SToken=810F279912A8491E8121748096907D57>.

[Excerpt ends]

Full public solution here: https://web01.usfca.edu:8080/portal/app/portlets/results/viewsolution.jsp?solutionid=041127717404332&isGuest=true

Sincerely,
-Nick

On Tue, May 22, 2012 at 7:32 AM, Dan Taube <[email protected]> wrote:

Hello Brad,

It is not exactly a situation of the anti-virus products taking NAC into account, but rather that a third-party (OPSWAT - http://www.opswat.com/products/oesis-framework/supported-applications?type=antivirus) is not up-to-date with the latest version. Cisco utilizes OPSWAT in their compliance module of NAC and so support is reliant on OPSWAT being updated. I believe there is a set timeline before support is added, but I cannot find my documentation that indicates such. Therefore, the option is to make one-off checks and rules to account for latest version when they are not supported.

In terms of Security Center, I remember looking into it once for an in-house application and the latest versions of it prevent "unauthorized" access. It seemed that one would have to be certified to interact with Security Center in order to prevent malware from having access to it.

Dan

--
Dan Taube
Associate IT Support
Computer Infrastructure Support
Illinois State University
309.438.4357 [support]
309.438.8985 [direct]

On 5/22/12 8:54 AM, Terhune, Bradley N (Brad) wrote:

Good morning list!

A while back I sent out a memo asking if anyone knew if Cisco NAC could check the Windows Security Center for compliance for AV and AV defs.
Does anyone have any ideas - any registry key to check against? We were able to get Security Essentials 4.0 working with a registry workaround.

How do you all handle new AV products coming into your environment? These AV products don’t seem to take the Cisco NAC into account. Some current examples are Kaspersky 2012, AVG 2012, and Security Essentials 4.0. Our server is at 4.8 and so are our clients. Are we doing something wrong? Are you all able to handle this better? These seem like valid products. I hate that we have to tell them to go get something else.

Thanks for any advice you might have.

Brad Terhune
[email protected]
UTHSC ITS

--
Nicholas Recchia, Ed.D.
Security Administrator
ITS - Security Services
infosec.usfca.edu
University of San Francisco
Lone Mountain North - 236a
2130 Fulton Street
San Francisco, CA 94117
ITS Help Desk, Phone: 415-422-6668, E-mail: [email protected]
Fax: 415-422-6719
