Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Home PC User Antivirus Pre-Login Checks?

Cisco client used is AnyConnect Secure Mobility Client 3.0.

I read in another thread that personal use home AV such as AVG and Microsoft Security Essentials update to new version numbers on a regular basis and then fail to be recognized when prelogin checks are done prior to VPN connection.

Is there any way to set up the ASA so that if it does not recognize the version of AV installed, (becuase it is a new version not in the CDS database etc) that, instead of rejecting the connection completely, it will give some limited access such as only network access to use the Remote Desktop Client protocol and/or access Intranet web sites through the browser?

What other solutions do others use? Not check AV version?  Allow home pc users to install Corporate AV on home PCs?  Not allow home pc user to connect at all?


Re: Home PC User Antivirus Pre-Login Checks?


For this you could use the Advance Endpoint Assessment feature in conjunction with the "Quarantine" option available in the DAP section since

8.3.1 and later.

Please check the following link:

The requirements are the following:    

- ASA 8.3(1) or later. 

- AnyConnect 2.5 Secure Mobility or later. 

- The Advance Endpoint Assessment license.

I hope it helps you.

Please rate any post that you find helpful.

CreatePlease to create content