NAC appliance - Virus scan

Unanswered Question
Aug 20th, 2007

Is it possible to force a virus scan prior to giving access to the network using NAC Appliance (with or without CCA)?


Also, is there any way to know when the machine was last fully virus scanned?


Thx

charles.demers-... Mon, 08/20/2007 - 11:08

Using the CAM GUI, where do you go to configure this? All I can see are rules for AV installation/service/definition. Maybe through the network scanner?


Thx

charles.demers-... Tue, 08/21/2007 - 04:23

Looks like I must manually choose all the viruses I want to scan a PC for? Is there a plugin like "scan hard drive for any virus"?

Jagdeep Gambhir Tue, 08/21/2007 - 05:26

Charles,

Yes, that is correct; you need to define it.


Go into Rules ---> New AV Rule and select ANY for antivirus vendor.

Device management-----> Clean Access-----> Network Scanner ---> Plugin Updates


NAC is not meant to scan the whole system. AV is used for that purpose. It checks and makes sure that AV and MS updates are up to date.



Regards,

~JG

Jagdeep Gambhir Tue, 08/21/2007 - 07:42

NAC FAQs


Q. Does the Cisco NAC Appliance actually clean, or does it just make sure programs are installed and updated so that machines remain clean?

A. In the case of a failed Windows hotfix, the Cisco NAC Appliance can automatically launch the Windows AutoUpdate tool. If the Cisco NAC Appliance detects an infection or vulnerability, it can push a fix tool to the user (Symantec's MyDoom Fix Tool, for example) and require that user to use it before accessing the network. In addition, any registry setting that is detected can trigger the download of software or scripts that secure the user's device to meet established security policies.



Q. How does the Cisco NAC Appliance work?

A. When a device attempts to log onto the network, the Cisco NAC Appliance requests authentication credentials and identifies what kind of device it is. Depending on the role of the user, a posture assessment is performed based on the requirements of the network. If the device is found to be noncompliant, the Cisco NAC Appliance redirects the machine to a quarantine area where the user can perform the necessary downloads to update the machine. The machine is then rescanned and, if compliant, is granted access to the network.




Q. What kind of scans does the Cisco NAC Appliance perform?

A. The Cisco NAC Appliance performs network- and agent-based scans. Network-based scans look for network vulnerabilities such as remote-procedure call (RPC) buffer overflows or messenger buffer overflows. Agent-based scans check a user's system registry, file system, and system memory for specific services and applications.



Hope that helps


~Jg
