Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
779
Views
0
Helpful
2
Replies

NAC Rules and Logic

Go to solution
gbudd12345
Level 1
Level 1

‎11-10-2010 10:50 AM - edited ‎02-21-2020 04:09 AM

I have a question about the WINXP rules in the NAC server and more specifically, if a rule reports a failing, but it's part of a ! rule, does that mean it's passing?  For example:

&(!pc_Windows_ehkeyctl|pc_XP_MCE_KB973768_MS09-037) (red denotes failure)


The NAC reports this as a failed check:

pc_Windows_ehkeyctl, File Check [$SYSTEM_ROOT\ehome\ehkeyctl.dll exists ]

Is it failing because it finds the file and there is a negation on the rule?

What about this:

         &(!pc_XP_2115168_MS10-052_FileChk|pc_XP_2115168_MS10-052)

The first part reports as passing, and the second reports as failing...but by all logic, this part of the rule should pass because the first part passed?  Does that sound correct?

Thanks!

--Gavin Budd

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Lauren Sullivan
Level 1
Level 1

‎11-10-2010 02:00 PM

It's actually reporting a check failing - and in many cases this is expected (and confusing!).  For instance, with the pre-configured Windows checks, if it's a 32-bit client you will see it fail the 64-bit check.

Same thing with your second example check

&(!pc_XP_2115168_MS10-052_FileChk|pc_XP_2115168_MS10-052)

We expect it to either not pass the first check or pass the second check - but one of those checks will show as failed.  Clear as mud?

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Lauren Sullivan
Level 1
Level 1

‎11-10-2010 02:00 PM

It's actually reporting a check failing - and in many cases this is expected (and confusing!).  For instance, with the pre-configured Windows checks, if it's a 32-bit client you will see it fail the 64-bit check.

Same thing with your second example check

&(!pc_XP_2115168_MS10-052_FileChk|pc_XP_2115168_MS10-052)

We expect it to either not pass the first check or pass the second check - but one of those checks will show as failed.  Clear as mud?

0 Helpful

Go to solution
gbudd12345
Level 1
Level 1
In response to Lauren Sullivan

‎11-10-2010 02:15 PM

Yes, that what TAC just told me.  I need to fail the first check (it's passing and showing up as passing) or pass the second (it's failing).  The reporting of the passes and failures are of the checks themselves and don't take the negation (!) into consideration.

Thanks!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card