cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
687
Views
4
Helpful
3
Replies

CSD Hostscan with AV checking

josupport
Level 1
Level 1

Hi all

I am configuring a ASA 5510 to performing the hostscan for the sslvpn. Below are the versions using:

ASA: 8.21 K8

CSD: 3.4.2048

Endpoint Assessment Ver: 2.5.19.1

I have two questions:

1. The endpoint assessment supports checking the anti-virus, however it seems it doesn't check whether the protection is on or not, is there a way to check whether the auto-protection is enabled? By registry key?

2. Is it possible for hostscan to do posture check? For example, if I disable/uninstall anti-virus during a sslvpn session, the session will terminate automatically.

Thanks and Regards,

Leo

3 Replies 3

auraza
Cisco Employee
Cisco Employee

1) If the process is not running, then it should show as not existing, and thus allow you to terminate, based on the DAP policy. From the CSD FAQ:

"Does the Host Scan check whether antivirus, antispyware, and firewall applications are present or running on the endpoint?

The Endpoint Assessment function of Host Scan, if enabled, returns for DAP evaluation the answer to whether the antivirus, antispyware, and firewall application selected as an endpoint attribute is running."

2) It will not, as CSD is only a pre-login assessment, and not post-login.

PS. Please rate this post, if you found it helpful.

Thanks for the reply, i will try more on 1.

No problem.

If you found my responses helpful, please do rate them.

Thanks!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: