Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Highlighted
New Member

When an Endpoint Assessment Fails

I have an ASA 5515-x running 9.03, and have AnyConnect clients running version 3.1.04063.  I am licensed for Advanced Endpoint Assessment and CSD.  The issue I am having is when I client connects using TrendMicro AV, and the Trend service is stopped, the Endpoint Assessment recognized this and attempts to start (which is good!), but it fails to start with the following warning logged:   

[Tue Sep 03 10:53:38.957 2013][cscan][warn][scan_advanced_av] unable to enable antivirus (Trend Micro Client/Server Security Agent)

At the end of the scan, it also logs that the check for activescan failed:

[Tue Sep 03 10:53:43.668 2013][cscan][debug][get_data] endpoint.av["TrendMicroAV"].activescan="failed"

The VPN conenction is then established and the user works as if everything passed (which is not good!).

What I am looking for is: if restarting the service fails, like in this case, deny the connections and hopefully put up a friendly message that the access was denied because AV failed to start.

Any ideas?    

1 REPLY
Cisco Employee

When an Endpoint Assessment Fails

Hi Richard,

you should be able to do this using DAP (Dynamic Access Policies) on the ASA, i.e. create a DAP rule that denies the connection if endpoint.av["TrendMicroAV"].activescan has a value of false, and a default rule that allows all other connections.

see http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

hth

Herbert

409
Views
0
Helpful
1
Replies
CreatePlease login to create content