08-12-2011 08:15 AM - edited 03-10-2019 06:18 PM
Hello,
Hope someone can help, we have a NAC 4.8 deployment using Clean Access Agent 4.8.0.35 and are trying to use it with ESET. We are having
difficulties when we try to remediate to collect the latest anti virus definitions, when clicking on the update button we get a message stating
"The Remediation you are attempting is reporting an access denied error. This is usually due to a privileg issue. Please contact your system
administrator"
I have seen another post here about this but there was no final fix mentioned, the screenshot from that post is below, this is exactly the error we are getting.
The account logged onto the machine has administrative rights and the clean access agent was installed with administartive rights. If i open the ESET client tool and do an update from their it starts to update, so it can see the ESET server etc and be updated via the client, its just the Clean Access Agent which is having trouble triggering the remediation.
Cant seem to find out much information from Eset on this so any help would be greatly appreciated
Thanks
Ryan
05-21-2012 06:47 AM
BUMP BUMP!
I have this same problem too when using ISE...
I think it is bad design that Cisco should expect normal users to be admins on corporate machines. The AV client updates its AV definitions fine when the user is not a local admin, completely independant of Cisco NAC, so what is Cisco NAC doing to require admin priviledges?
Mario
05-23-2012 03:34 PM
Mario, this turned out not to be a local admin issue, it was how ESET is configured. There is an option to supply an ESET username and password, it is not necessary by default to get ESET working and updating but the Cisco NAC was expecting to see these credentials, when we added the credentials to ESET the NAC remediated as expected and updated!
Took a while to get to this resolution so good luck, worth contacting Cisco TAC as they assisted when we had this issue.
06-19-2012 05:51 AM
Hi Ryan,
do you know where you have to configure the USername and password? Is it in the ISE configuration or defined somewhere in the NAC agent profile that you use?
Thanks
mario
06-22-2012 02:20 AM
to answer my own question.
We were using Symantec Endpoint Protection 11 and the liveupdate feature was disabled by our Sys Admins which caused this error message for us.
mario
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide