Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AntiVirus and CSA agent


We have norton antivirus installed on our desktops, we just deployed csa agents and it does not seem to complain about antivirus when it is run, i look at the rules and i see that they have pretty much open for antivirus applications.

My question is that under the rule that permits read and write to files, it says "applications". how does it know that it is norton which is trying to read and write to the files and no other application, what function in that rule distinguishes a malious program from doing the same thing???


Re: AntiVirus and CSA agent

Is this rule in the Virus Scanner module?

New Member

Re: AntiVirus and CSA agent


Please help.

New Member

Re: AntiVirus and CSA agent

There's an Application Class called "Virus Scanner Applications", you can find it Configuration - Applications - Application Classes

Click on the Application Class "Virus Scanner Applications" and in the Description theres a "Add process to application class" field, you will find the Application class executeables.

For example: $Virus Scanner - executeables (Norton)

also for McAfee and TrendMicro.

Doubleclick on the Norton Rule,

In the explanation:

All directories from Norton

@fixed \**\Norton*\**

@fixed \**\nav\**

@fixed \**\navnt\**

@fixed \**\Symantec*\**

all files with the following endings in the directories above are allowed:

bat cmd com dll exe ocx sys

In the Virus Scanner Module / Rule Explanation you will also find "File Access control" Rule, where an exception for the Virus Scanner Applications is ALLOWED:

"Attempts to read or wirte Files in directory matching by processes in application class will be allowed"....

hope this will help

New Member

Re: AntiVirus and CSA agent

Many thanks you are the best. why does some of the rules only have "application" class mentioned?