Help cisco NAC, AV Definition Update.

syedaltaf.shah · ‎12-26-2011

Hello guys,

I need some help here for updating the Cisco NAC AV Definition File, before that i have question.

Can i confgure cisco nac to check the Antivirus Definition file Update from AV Central Server and then check the clients for the same definition version ??? if Yes . How?

Where can i update AV Definition file regularly. because our cmopany updates the AV Definitions every day. so how cisco NAC knows which one is the latest and from where it verifies ??

Thanks in advance.

Nicolas Darchis · ‎12-27-2011

The condition for AV definition is "is more recent than x days old" on the NAC CAM.

So NAC doesn't need to check with any AV server what is the latest. It just checks that the client definition date is within X days of the current date. X being confurable on the CAM.

syedaltaf.shah · ‎12-27-2011

Ok now i forgot to tell about our network....

my NAC is not connected to internet. not possible to connect, i have created a "Check" for checking the virus definition update version in registry. it works, but when i click "Update" from the NAC Agent it is not updating antivirus. i have to manually update the antivirus.
My question is Why the NAC agent is not communicating with antivirus agent to update it?

Can you please help?

Nicolas Darchis · ‎12-27-2011

Ok that's a different question.

A manual update of the antivirus when the PC is in the quarantine state is working ?

This means that the clietn has the right access to the network to update itself, so that's good.

Then there's no real explanation why the NAC agent can't trigger the update. Btw, this NAC agent button to repair is actually just an API call to the AntiVirus and it's still the antivirus updating itself. So there's no real reason that it's not working. I would advise checking on the agent logs, but this is best done through a TAC case then as those logs requires TAC decoding tool

syedaltaf.shah · ‎12-27-2011

Yes Correct,... Manuall update of antivirus when the PC is in quarantine state is working...it updates, but same the NAC agent is not triggering the antivirus update,

Ok thanks Nicolas, i think i have to open TAC case for this issue.

One thing more, does it has anything to do with av-posture-pack-win-3.4.16.1.tar.gz ??

should i update this module ???

Nicolas Darchis · ‎12-27-2011

the latest is 3.4.21.1

This compliance module just contains all the details of the newest antivirus.

If you have an antivirus that was supported by your NAC version when it was out, it's ok.

If you updated the Anti-virus version then you need it yes.

The module is an alternative for when the CAM doesn't have internet access to stay up to date.

syedaltaf.shah · ‎01-01-2012

thanks Nicolas,

Is there anyway to update Cisco NAC Manager/Server for Antivirus Definition updates ??? because my network is not connected to Internet and there is no chance for doing the same, we can do is manaullay update every thing.

Nicolas Darchis · ‎01-02-2012

Well, this module above does that precisely ...

syedaltaf.shah · ‎01-02-2012

Nicolas, this virus Definition is updated daily from antivirus vendors..

but when i check from NAC Manager, Clean Access Agent > Rules > AV/VS Support > for McAfee inc, it is showing the lateest definition version 6183, but here we have 6586.000 even after upgrading this av module yesterday.