NAC - AV Definition Rule Error Message

alfonso.cornejo · ‎09-29-2013

Hello,

I have a NAC 4.9(3) with a Virus Definition rule for McAfee 8.8.x that is showing this error message:

From this error, It seems that winxp and win2k are not supported by this virus definition rule (for the installation it works fine), but from the AV rule config I only can select "Windows All" so I can not exclude from there winxp and win2k.

In the requirements config I can choose what version of windows to work with and there I didn't select winxp and win2k (just for testing) but the problem remains.

Any ideas??

Thanks in advance.

Muhammad Munir · ‎09-30-2013

Hi

Regarding to your query, please do the following steps:

To view administrator reports for the Agent, go to Device Management > Clean Access > Clean Access Agent > Reports. To view information from the client, right-click the Agent taskbar icon and select Properties.

When troubleshooting AV/AS Rules, please provide the following information:

1. Version of CAS, CAM, and Agent.

2. Client OS version (e.g. Windows XP SP2)

3. Name and version of AV/AS vendor product.

4. What is failing—AV/AS installation check or AV/AS update checks? What is the error message?

5. What is the current value of the AV/AS def date/version on the failing client machine?

6. What is the corresponding value of the AV/AS def date/version being checked for on the CAM? (See Device Management > Clean Access > Clean Access Agent > Rules > AV/AS Support Info.)

alfonso.cornejo · ‎09-30-2013

Hi Muhammad,

The problem is that I can't get this rule enabled in the NAC configuration, right now for my role requirement the only one that is working is the "Install" rule but no the "Virus Definition".

As soon I clic "Save Rule" I get the error message that it's on the picture. Here you have the information:

1. Version of CAS, CAM, and Agent.

CAM and CAS 4.9.3

Agent 4.9.3.5

2. Client OS version (e.g. Windows XP SP2)

Windows XP

Windows 7

Windows 8

3. Name and version of AV/AS vendor product.

McAfee v8.8

4. What is failing—AV/AS installation check or AV/AS update checks? What is the error message?

AV update rule

5. What is the current value of the AV/AS def date/version on the failing client machine?

The rule is not being enabled in the NAC Manager

Thanks in advance for your help.

Muhammad Munir · ‎09-30-2013

Hi Alfonso,

The requirement must be corrected and made valid before it can be used. Typically requirements/rules become invalid when there is an operating system mismatch.

The Clean Access Manager automatically validates requirements and rules as they are created. The Validity column under Device Management > Clean Access > Clean Access Agent > Requirements > Requirement List displays a blue checkmark if the requirement is valid and a red "X" if the requirement is invalid.

Highlighting red "X" icons (if any) with your mouse reveals which rule and which check is causing the requirement to be invalid.

To Correct an Invalid Requirement:

Step 1 Go to Device Management > Clean Access > Clean Access Agent > Requirements > Requirement-Rules.

Step 2 Correct any invalid rules or checks as described in Valid.

Step 3 Select the invalid Requirement Name from the dropdown menu.

Step 4 Select the Operating System.

Step 5 Make sure the Requirement met if: expression is correctly configured.

Step 6 Make sure the rules selected for the requirement are valid (blue checkmark in Validity column).

Moreover kindly make sure that all rule configuration steps are according to the given below link:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/49/cam/m_agntd.html#wp1354971