We just upgraded to Symantec Enpoint Protection (V11 antivirus) from 10.1.5.
We have a few users who use a anyconnect 2.2.0140 client to connect to a VA hospital system (3rd party we have no control of). After the symantec upgrade they now receive an error message that a local installation of Antivirus has not been found and thus will not connect.
I assume their policies to check for antivirus is on the ASA side...
Does anyone know if a client upgrade or a work around for this exists?
I don't know much about the anyconnect system, does it check for a file, process running, reg entry?
There certainly is an upgrade for the AnyConnect client available. The current version of AnyConnect client is 2.4, so there have been multiple releases since your 2.2.0140. I can not say whether the newer version of client would fix your problem or not but it might be worth trying.
It is possible to load a new version of the client from the ASA, if the ASA has the new version available. And there is a version of the AnyConnect client with a Windows installer, so you can install it locally if the hospital does not have a newer version.
You might also want to talk to the hospital and ask if they can change a policy on the ASA to help to resolve this problem.
The new client didn't work... I am guessing is a policy on the ASA side.
We have spoken with the VA, you know how governments work, they don't care. So we pretty much have to remove our enterprise managed antivirus and replace it with a stand alone older version. oh well, kinda home the VA gets a virus.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...