NAC - How to check AV running

Feb 10th, 2009

We have a NAC 4.1.8 OOB deployment installed and a rule to check whether Kaspersky is installed on users' machines before giving them access to the network. That's working fine.

Now I want to check whether Kaspersky is actually running on the user machine or not (Kaspersky can be installed but disabled). This condition is not checked by the AV_installed rules (even when Kaspersky is disabled, users are given access to the network).

Do any of you know how to fix this?

Many thanks in advance for your valued inputs.

greg.washburn Tue, 02/10/2009 - 08:54

My complicated way of doing this would be to add a new check (service check or application check) for your particular version of Kaspersky.

Then create a rule (expression for your check).

Then create a link distribution requirement, for example one that gives them the link to download the correct version from one of your servers if they fail.

Then map the new requirement to a given operating system or group of operating systems.

Then under role-requirements enable the rule for a given user role.

Now there may already be some of this created for you, but this would be a from-scratch situation.

Hope that helps.

thedinuka Tue, 02/10/2009 - 19:17

Well, the problem is that even if we disable Kaspersky, the Kaspersky service is still running. Now if we are checking only the existence of the service, NAC would still allow the users with disabled Kaspersky into the network.

So we need a different mechanism than the service check.

Thanks for the input though.
