ASA-CX & ESET Virus Signatures using PRSM

jolson0573 · ‎11-10-2014

I have a slight problem. I'm using the CX Module of a ASA 5515-X and have web-policies setup on PRSM. On my access LAN, each user is required to log in if the ASA is unable to identify their login by the DC or the Context Directory Agent I have active. Problems are occurring because it seems that my anti-virus is unable to update unless each user has been identified. If they have not used the web or logged in, AV signatures are not being sent to each client. So some of my PCs have got infected recently. I'm using CX/PRSM 9.3.2.1(9) and ASA 9.1(4) Cisco has added Virus signatures for McAfee, Sophos and TrendMicro. They can bee seen in the system- PRISM-->Components-->Applications-->filter=virus

Does Cisco have plans to add ESET in there? I've been using ESET for almost two years ago and prior we were using TrendMicro. I've happy with ESET as it is very customization with XML files and configurations. Is there a work around? I already have an access policy set to Any-Any to all of ESET's update servers. Authentication is still needed though.

jolson0573 · ‎05-11-2015

We ended up solving this issue by placing traffic related to the ESET AV Servers in a specific ACL created for the CX Module. That ACL was applied to the interface and was denied from entering the CX. This solved the problem and the ESET clients are now able to update without an issue