Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Nac Agent do not execute remediation

Hi to all,

in a lab enviroment i have configured a CAM/CAS solution on 3310 server and I have installed 2 pc (one windows Vista and one XP) with nac client version.

My problem is auto-remediation and manual-remediation, client get me a temporaney access but do not start a live update programa (i use symantec endpoint protection 11).

I have admin right on both pc.

Why I can solve the problem?

Thanks for help


Re: Nac Agent do not execute remediation

There is not automatic remediation for all products. You must launch the endpoint protection, click live-update, then re-scan on the NAC agent and you will pass.

Quote from Cisco Doc (

"•Not all product versions of a particular vendor may support the Clean Access Agent launching the automatic update of the product. In this case, you can provide instructions (via the Description field of the AV or AS Definition Update requirement) to have users update their AV or AS definition files from the interface of their installed AV or AS product."

If you have verified that your requirement-rule is specifically for Symantec Endpoint Protection 11, and the rule has automatic remediation configured, then it may fall into this scenario. You may also have it configured where the endpoint protection is not accessible to the end-user and requires admin rights to launch. Please put the client in debug and send the results to TAC for analysis, as it would be the best bet for you to get a clear answer.

Hope that helps, rate if it does.