05-05-2008 11:03 AM - edited 03-09-2019 08:39 PM
I manage Clean Access on a small college network. We allow several different AV products. One of the most popular is AVG because it's small, fast, unobtrusive, and free.
AVG recently released v8, but Clean Access won't recognize it and there is no option to allow v8 in my AV rule list.
My general question is for Cisco:
What kind of communication do you maintain with AV vendors so that the Clean Access list is kept up-to-date with current AV product versions?
This is especially troublesome with users who have purchased AV products such as Norton 360, McAfee, etc. Upgrades for these products come out, but are not support by Clean Access and I have to tell users to either go back to the previous version, or uninstall their current product and use a free one like AVG.
Am I missing something, or is this a problem for other Clean Access admins out there, too?
-Mike
05-09-2008 06:12 AM
Clean agent versions are updated based on the release of latest AV versions.4.1.3.2 is the minimum version of clean agent needed to use AVG 8.0 Antivirus Or Anti-Spyware.If you are using a lower version of Clean Agent then use the latest version(4.1.3.2).lower version will not support AVG.
Refer the Table in the url below for details of AV versions supported By Clean agent based on thier release:
http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/413/413rn.html#wp483197
05-09-2008 06:39 AM
I tried 4.1.3.2 but got the same result - AVG 8 was not recognized. I'll try again, though.
05-14-2008 01:58 PM
i saw support for it but not under grisoft. it was under avg. said version 8. haven't tried it though.
06-03-2008 01:19 PM
Still no luck. I've upgraded the CAM and CAS to 4.1.3.1 and the client to 4.1.3.2, but Clean Access still doesn't recognize AVG 8. All the rules are created, and in the clean access agent report, AVG 8 is shown as one of the options - it's just not being found.
Anyone else have any luck getting AVG 8 to work?
06-06-2008 11:46 AM
I just tried the same thing: AVG 8.0 (free version) with agent 4.1.3.2 and it did NOT work.
Anyone else have problems? Anyone have luck?
Chris
07-03-2008 10:40 AM
Same here. The support for for AVG is not available when I check it under clean access|rules|AV\AS SUpport info screen.
Minimum Agent Version Required to Support AV Products
Product Name/Version Installation Virus Definition
Def Date Def Version
AVG 8.0 [AntiVirus] 8.x 4.1.3.2 (Not Supported) (Not Supported)
07-30-2008 06:32 AM
Yup still not working anybody else having the problem with Clean Access 4.1.3.2 and AVG 8.0 still? Working with Cisco Support again and they say it should work just fine.
07-30-2008 06:43 AM
I spoke with Cisco support about this last week. 4.1.3.2 will recognize the program, but the definition files are NOT supported (in AVG 8, Free edition).
According to the tech, AVG 8.0 (both Free and Pay versions) will be fully supported in the big software release at the end of this month (is it out yet?).
In the mean time, he helped me create a custom rule to check for the application and the definitions.
Since we did this it has been working fine. With both 4.1.3.1 and 4.1.3.2.
I'm swamped right now, but if I get some free time I'll try to post what we did (doubt it will be this week).
Chris
08-13-2008 10:28 PM
Thanks for updating me. I was gonna call tech tomorrow but I will try 4.1.6 first. I guess I will have to update/upgrade current cas from 4.3.1 to 4.6.x release on July 31st.
08-14-2008 04:14 AM
Interestingly enough, even though the Manager Installation and Configuration Guide for 4.1.6 lists AVG Technologies as one of the companies that is supported (both product and definitions), the Release Notes still do NOT have version information for the Definition files for AVG (free & pay).
So does that mean that we will still need a custom rule to fully support AVG?
I'll be interested to see. But it will be September before we can start testing 4.1.6 here.
Chris
08-14-2008 06:23 AM
I'm running 4.1.6 here and AVG 8.0 Free is still not working. Sees AVG and also sees the virus definition file number but no date. Got cisco to give me some steps on a custom rule check and looks as far as Cisco is concerned that will be the way it is.
08-15-2008 01:10 PM
I got Cisco to create custom rule for AVG and it is not working as expected. For e.g. If you got fresh copy of AVG with out-dated dat files than all files in program files\avg is up-to-date and NAC will think it's compliant as all files are from today's date or less than 5 days old in our case.
Can you guys share what parameters and checks you are using to make sure that AVG is really up-to-date before it's allowed on the network.
Thanks
10-01-2008 05:38 AM
Sorry for the super slow response. Here are the checks we are using:
Check Category: Application Check
Check Type: Application Status
Check Name: AVG8_Install
Application Name: avgrsx.exe
Operator: running
Check Description: AVG 8.x
OS: Windows All
Check Category: File Check
Check Type: File Date
Check Name: AVG_Definitions
File Path: SYSTEM_PROGRAMS \AVG\AVG8\updatecomps.cfg
Operator: later than
File Date: CAM date (midnight) - 7
File Date Type: Modification Date
Check Description: AVG 8 Definitions
OS: Windows All
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide