I am configuring an ASA 5510 to perform the hostscan for the sslvpn. Below are the versions in use:
ASA: 8.21 K8
Endpoint Assessment Ver: 188.8.131.52
I have two questions:
1. The endpoint assessment supports checking the anti-virus; however, it seems it doesn't check whether the protection is on or not. Is there a way to check whether the auto-protection is enabled? By registry key?
2. Is it possible for hostscan to do a posture check? For example, if I disable/uninstall the anti-virus during an sslvpn session, the session will terminate automatically.
1) If the process is not running, then it should show as not existing, and thus allow you to terminate, based on the DAP policy. From the CSD FAQ:
"Does the Host Scan check whether antivirus, antispyware, and firewall applications are present or running on the endpoint?
The Endpoint Assessment function of Host Scan, if enabled, returns for DAP evaluation the answer to whether the antivirus, antispyware, and firewall application selected as an endpoint attribute is running."
2) It will not, as CSD is only a pre-login assessment, and not post-login.
PS. Please rate this post, if you found it helpful.