Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSD Hostscan with AV checking

Hi all

I am configuring a ASA 5510 to performing the hostscan for the sslvpn. Below are the versions using:

ASA: 8.21 K8

CSD: 3.4.2048

Endpoint Assessment Ver: 2.5.19.1

I have two questions:

1. The endpoint assessment supports checking the anti-virus, however it seems it doesn't check whether the protection is on or not, is there a way to check whether the auto-protection is enabled? By registry key?

2. Is it possible for hostscan to do posture check? For example, if I disable/uninstall anti-virus during a sslvpn session, the session will terminate automatically.

Thanks and Regards,

Leo

3 REPLIES
Cisco Employee

Re: CSD Hostscan with AV checking

1) If the process is not running, then it should show as not existing, and thus allow you to terminate, based on the DAP policy. From the CSD FAQ:

"Does the Host Scan check whether antivirus, antispyware, and firewall applications are present or running on the endpoint?

The Endpoint Assessment function of Host Scan, if enabled, returns for DAP evaluation the answer to whether the antivirus, antispyware, and firewall application selected as an endpoint attribute is running."

2) It will not, as CSD is only a pre-login assessment, and not post-login.

PS. Please rate this post, if you found it helpful.

New Member

Re: CSD Hostscan with AV checking

Thanks for the reply, i will try more on 1.

Cisco Employee

Re: CSD Hostscan with AV checking

No problem.

If you found my responses helpful, please do rate them.

Thanks!

403
Views
4
Helpful
3
Replies