CSD Hostscan with AV checking

Unanswered Question
Sep 22nd, 2009
User Badges:

Hi all


I am configuring a ASA 5510 to performing the hostscan for the sslvpn. Below are the versions using:

ASA: 8.21 K8

CSD: 3.4.2048

Endpoint Assessment Ver: 2.5.19.1


I have two questions:

1. The endpoint assessment supports checking the anti-virus, however it seems it doesn't check whether the protection is on or not, is there a way to check whether the auto-protection is enabled? By registry key?

2. Is it possible for hostscan to do posture check? For example, if I disable/uninstall anti-virus during a sslvpn session, the session will terminate automatically.


Thanks and Regards,


Leo

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
auraza Tue, 09/22/2009 - 11:22
User Badges:
  • Cisco Employee,

1) If the process is not running, then it should show as not existing, and thus allow you to terminate, based on the DAP policy. From the CSD FAQ:

"Does the Host Scan check whether antivirus, antispyware, and firewall applications are present or running on the endpoint?


The Endpoint Assessment function of Host Scan, if enabled, returns for DAP evaluation the answer to whether the antivirus, antispyware, and firewall application selected as an endpoint attribute is running."


2) It will not, as CSD is only a pre-login assessment, and not post-login.


PS. Please rate this post, if you found it helpful.

auraza Mon, 09/28/2009 - 06:06
User Badges:
  • Cisco Employee,

No problem.


If you found my responses helpful, please do rate them.


Thanks!

Actions

This Discussion