
Home PC User Antivirus Pre-Login Checks?

webabc123
Level 1

Cisco client used is AnyConnect Secure Mobility Client 3.0.

I read in another thread that personal use home AV such as AVG and Microsoft Security Essentials update to new version numbers on a regular basis and then fail to be recognized when prelogin checks are done prior to VPN connection.

Is there any way to set up the ASA so that if it does not recognize the version of AV installed (because it is a new version not in the CDS database, etc.), instead of rejecting the connection completely, it will give some limited access, such as only network access to use the Remote Desktop Client protocol and/or access Intranet web sites through the browser?

What other solutions do others use? Not check AV version? Allow home PC users to install Corporate AV on home PCs? Not allow home PC users to connect at all?

1 Reply

Hi,

For this you could use the Advanced Endpoint Assessment feature in conjunction with the "Quarantine" option available in the DAP section since 8.3.1 and later.

Please check the following link:

http://tools.cisco.com/squish/E5bBD

The requirements are the following:    

- ASA 8.3(1) or later. 

- AnyConnect 2.5 Secure Mobility or later. 

- The Advanced Endpoint Assessment license.

I hope it helps you.

Please rate any post that you find helpful.