Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

When an Endpoint Assessment Fails

I have an ASA 5515-x running 9.03, and have AnyConnect clients running version 3.1.04063.  I am licensed for Advanced Endpoint Assessment and CSD.  The issue I am having is when I client connects using TrendMicro AV, and the Trend service is stopped, the Endpoint Assessment recognized this and attempts to start (which is good!), but it fails to start with the following warning logged:   

[Tue Sep 03 10:53:38.957 2013][cscan][warn][scan_advanced_av] unable to enable antivirus (Trend Micro Client/Server Security Agent)

At the end of the scan, it also logs that the check for activescan failed:

[Tue Sep 03 10:53:43.668 2013][cscan][debug][get_data] endpoint.av["TrendMicroAV"].activescan="failed"

The VPN conenction is then established and the user works as if everything passed (which is not good!).

What I am looking for is: if restarting the service fails, like in this case, deny the connections and hopefully put up a friendly message that the access was denied because AV failed to start.

Any ideas?    

Cisco Employee

When an Endpoint Assessment Fails

Hi Richard,

you should be able to do this using DAP (Dynamic Access Policies) on the ASA, i.e. create a DAP rule that denies the connection if endpoint.av["TrendMicroAV"].activescan has a value of false, and a default rule that allows all other connections.