Table Of Contents
Release Notes for Cisco NAC Appliance,
Version 4.1(8)Cisco NAC Appliance Service Contract/Licensing Support
System and Hardware Requirements
Cisco NAC-3300 Series Appliances
Release 4.1(8) and Cisco NAC Profiler
Important Installation Information for NAC-3310
Additional Hardware Support Information
Supported Switches for Cisco NAC Appliance
VPN and Wireless Components Supported for Single Sign-On (SSO)
Software Compatibility Matrixes
Release 4.1(8) Compatibility Matrix
Release 4.1(8) CAM/CAS Upgrade Compatibility Matrix
Release 4.1(8) Agent Upgrade Compatibility Matrix
Determining the Software Version
Clean Access Manager (CAM) Version
Clean Access Server (CAS) Version
Cisco NAC Appliance Agents Versioning
Cisco Clean Access Updates Versioning
Enhancements in Release 4.1(8)
CAS Fallback Behavior Enhancement
CAS HA Pair Link-Detect Configuration Enhancement
DHCP Failover Behavior Enhancement
Supported AV/AS Product List Enhancements (Version 73)
Cisco NAC Appliance Agent Enhancements
Windows Clean Access Agent Enhancements
Windows Clean Access Agent Version 4.1.10.0
Windows Clean Access Agent Version 4.1.8.0
Mac OS X Clean Access Agent Enhancements
Cisco NAC Web Agent Enhancements
Clean Access Supported AV/AS Product List
Clean Access AV Support Chart (Windows Vista/XP/2000)
Clean Access AV Support Chart (Windows ME/98)
Clean Access AS Support Chart (Windows Vista/XP/2000)
Supported AV/AS Product List Version Summary
Resolved Caveats - Agent Version 4.1.10.0
Resolved Caveats - Agent Version 4.1.8.0
Resolved Caveats - Release 4.1(8)
Known Issues for Cisco NAC Appliance
Known Issue with Mass DHCP Address Deletion
Known Issues with HP ProLiant DL140 G3 Servers
Known Issue with NAC-3310 CD Installation
Known Issues with NAC-3300 Series Appliances and Serial HA (Failover) Connection
Known Issue with Cisco 2200/4400 Wireless LAN Controllers (Airespace WLCs)
Known Issues with Broadcom NIC 5702/5703/5704 Chipsets
Known Issue for Windows Vista and IP Refresh/Renew
Known Issues for Windows Vista and Agent Stub
Use "No UI" or "Reduced UI" Installation Option
"Interactive Services Dialog Detection" and Uninstall
Known Issues with MSI Agent Installer
Known Issue with Windows 2000 Clean Access Agent/Local DB Authentication
Known Issue with Windows 98/ME/2000 and Windows Script 5.6
New Installation of Release 4.1(8)
Settings That May Change With Upgrade
General Preparation for Upgrade
Upgrading to Release 4.1(8)—Standalone Machines
Web Console Upgrade—Standalone Machines
Console/SSH Upgrade—Standalone Machines
Access Web Consoles for High Availability
Console/SSH Instructions for Upgrading CAM and CAS HA Pairs
Vista/IE 7 Certificate Revocation List
Windows Vista Agent Stub Installer Error
Agent Stub Upgrade and Uninstall Error
Clean Access Agent AV/AS Rule Troubleshooting
Generating Windows Installer Log Files for Agent Stub
Debug Logging for Cisco NAC Appliance Agents
Generate Windows Agent Debug Log
Generate Mac OS X Agent Debug Log
Recovering Root Password for CAM/CAS (Release 4.1.x/4.0.x/3.6.x)
No Web Login Redirect / CAS Cannot Establish Secure Connection to CAM
Troubleshooting Switch Support Issues
Troubleshooting Network Card Driver Support Issues
Other Troubleshooting Information
Obtaining Documentation and Submitting a Service Request
Release Notes for Cisco NAC Appliance,
Version 4.1(8)
Revised: July 10, 2009, OL-18651-01Contents
These release notes provide late-breaking and release information for Cisco® NAC Appliance, release 4.1(8). This document describes new features, changes to existing features, limitations and restrictions ("caveats"), upgrade instructions, and related information. These release notes supplement the Cisco NAC Appliance documentation included with the distribution. Read these release notes carefully and refer to the upgrade instructions prior to installing the software.
•
Cisco NAC Appliance Service Contract/Licensing Support
•
•
•
•
•
Cisco NAC Appliance Releases
4.1.10.0 Cisco Clean Access Agent
May 26, 2009
4.1(8) ED
January 29, 2009
Note
Cisco NAC Appliance Service Contract/Licensing Support
For complete details on service contract support, new licenses, evaluation licenses, legacy licenses and RMA, refer to the Cisco NAC Appliance Service Contract / Licensing Support.
System and Hardware Requirements
This section describes the following:
•
•
System Requirements
See Supported Hardware and System Requirements for Cisco NAC Appliance (Cisco Clean Access) for system requirement information for the Clean Access Manager (CAM), Clean Access Server (CAS), and Cisco NAC Appliance Agents.
Hardware Supported
This section describes the following:
•
•
•
Cisco NAC Network Module
Release 4.1(8) supports the Cisco NAC Appliance network module (NME-NAC-K9) on the next generation service module for the Cisco 2811, 2821, 2851, 3825, and 3845 Integrated Services Routers (ISRs). The Cisco NAC Network Module for Integrated Services Routers supports the same software features as the Clean Access Server on a Cisco NAC Appliance, with the exception of high availability. NME-NAC-K9 does not support failover from one module to another.
For hardware installation instructions (how to install the Cisco NAC network module in an Integrated Service Router), refer to the following sections of the Cisco Network Modules Hardware Installation Guide.
•
•
For software installation instructions (how to install the Clean Access Server software on the NAC network module) refer to Getting Started with Cisco NAC Network Modules in Cisco Access Routers.
Note
Cisco NAC-3300 Series Appliances
Release 4.1(8) supports Cisco NAC Appliance 3300 Series platforms.
Customers have the option to upgrade NAC-3310, NAC-3350, or NAC-3390 MANAGER and SERVER appliances to release 4.1(8) using a single upgrade file, cca_upgrade-4.1.8.tar.gz.
CD installation of release 4.1(8) is also supported:
•
Note
•
Note
Release 4.1(8) and Cisco NAC Profiler
Release 4.1(8) includes version 2.1.8-37 of the Cisco NAC Profiler Collector component that resides on Clean Access Server installations. You will need to upgrade the Collector component on the 4.1(8) CAS for compatibility with the latest release of the Cisco NAC Profiler software. Refer to the latest version of the Release Notes for Cisco NAC Profiler for details.
Note
Important Installation Information for NAC-3310
•
•
NAC-3310 Required BIOS/Firmware Upgrade
The NAC-3310 appliance is based on the HP ProLiant DL140 G3 server and is subject to any BIOS/firmware upgrades required for the DL140 G3. Refer to Supported Hardware and System Requirements for Cisco NAC Appliance (Cisco Clean Access) for details.
NAC-3310 Required DL140 or serial_DL140 CD Installation Directive
With Cisco NAC Appliance 4.1(x) releases, the NAC-3310 appliance (MANAGER and SERVER) requires you to enter the DL140 or serial_DL140 installation directive at the "boot:" prompt when you install new system software from a CD-ROM. For more information, refer to Known Issue with NAC-3310 CD Installation.
Additional Hardware Support Information
See Supported Hardware and System Requirements for Cisco NAC Appliance (Cisco Clean Access) for details on:
•
•
•
•
See Troubleshooting for further details.
Supported Switches for Cisco NAC Appliance
See Switch Support for Cisco NAC Appliance for complete details on:
•
•
•
•
VPN and Wireless Components Supported for Single Sign-On (SSO)
Table 1 lists VPN and wireless components supported for Single Sign-On (SSO) with Cisco NAC Appliance. Elements in the same row are compatible with each other.
Table 1 VPN and Wireless Components Supported By Cisco NAC Appliance For SSO
4.1(8)
Cisco WiSM Wireless Service Module for the Cisco Catalyst 6500 Series Switches
N/A
Cisco 2200/4400 Wireless LAN Controllers (Airespace WLCs)1
N/A
Cisco ASA 5500 Series Adaptive Security Appliances, Version 8.0(3)7 or later2
AnyConnect
Cisco ASA 5500 Series Adaptive Security Appliances, Version 7.2(0)81 or later
•
•
Cisco WebVPN Service Modules for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Cisco VPN 3000 Series Concentrators, Release 4.7
Cisco PIX Firewall
1 For additional details, see also Known Issue with Cisco 2200/4400 Wireless LAN Controllers (Airespace WLCs).
2 Release 4.1(8) supports existing AnyConnect clients accessing the network via Cisco ASA 5500 Series devices running release 8.0(3)7 or later. For more information, see the Release Notes for Cisco NAC Appliance, Version 4.1(3), and CSCsi75507.
Note
For further details, see the Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide, Release 4.1(8) and the Cisco NAC Appliance - Clean Access Server Installation and Configuration Guide, Release 4.1(8).
Software Compatibility
This section describes software compatibility for releases of Cisco NAC Appliance:
•
•
For details on Clean Access Agent and Cisco NAC Web Agent client software versions and AV integration support, see:
•
Software Compatibility Matrixes
This section describes the following:
•
•
•
Release 4.1(8) Compatibility Matrix
Table 2 shows Clean Access Manager and Clean Access Server compatibility and the Agent version supported with each Cisco NAC Appliance 4.1(8) release (if applicable). CAM/CAS/Agent versions displayed in the same row are compatible with one another. Cisco recommends that you synchronize your software images to match those shown as compatible in the table.
Table 2 Release 4.1(8) Compatibility Matrix
4.1(8) 4
4.1(8) 4
4.1.10.0
4.1.8.0
4.1.7.0
4.1.6.0
4.1.3.x
4.1.2.x
4.1.1.0
4.1.0.x 54.1.3.x
4.1.2.x
4.1.1.0
4.1.0.x 54.1.10.0
4.1.8.2
4.1.6.0
4.1.3.x
1 See Cisco NAC Appliance Agents for details on version updates for each Windows/Mac OS X/Web Agent.
2 Version 4.1.10.0 of the Windows Clean Access Agent is compatible with the 4.1(8) CAM and CAS releases. See Cisco NAC Appliance Agents for details and caveats resolved for each Agent version.
3 Mac OS X Clean Access Agent supports authentication only (no posture assessment) and auto-upgrade starting from version 4.1.3.0.
4 Cisco NAC Appliance Release 4.1(8) is a general and important enhancement and bug fix release as described in Enhancements in Release 4.1(8).
5 Cisco strongly recommends running the latest 4.1.10.x version of the Clean Access Agent with release 4.1(8) of the CAM/CAS. If necessary, release 4.1(8) allows administrators to optionally configure the 4.1(8) CAM/CAS to allow 4.1.0.x Agent authentication and posture assessment (Windows only). Note that by default, 4.1.0.x Agents are not allowed to log into a 4.1(8) Cisco NAC Appliance system. However, an Agent upgraded to 4.1.10.0 can still log into a 4.1(0) CAM/CAS. See 4.1.0.x Agent Support on Release 4.1(1) in the 4.1(1) release notes for details.
Release 4.1(8) CAM/CAS Upgrade Compatibility Matrix
Table 3 shows 4.1(8) CAM/CAS upgrade compatibility. You can upgrade/migrate your CAM/CAS from the previous release(s) specified to the latest release shown in the same row. When you upgrade your system software, Cisco recommends you upgrade to the most current release available whenever possible.
Table 3 Release 4.1(8) CAM/CAS Upgrade Compatibility Matrix
Upgrade From:
4.1(8) 3
4.1(8) 3
1 Release 4.1(0), 4.1.0.1, and 4.1.0.2 do not support and cannot be installed on Cisco NAC Appliance 3300 Series platforms.
2 "In-place" upgrade from version 3.5(7)+ to 4.1(8) is not supported. Customers wishing to upgrade a system from 3.5(7)+ to 4.1(8) must use the supported in-place upgrade procedure to upgrade from 3.5(7)+ to 4.0(6), and then upgrade to 4.1(8).
3 Cisco NAC Appliance Release 4.1(8) is a general and important enhancement and bug fix release as described in Enhancements in Release 4.1(8).
.
Release 4.1(8) Agent Upgrade Compatibility Matrix
Table 4 shows Clean Access Agent upgrade compatibility when upgrading existing versions of the Agent after 4.1(8) CAM/CAS upgrade. You can auto-upgrade any 3.5.1+ Windows Agent directly to the latest 4.1.10.0 Windows Agent. You can auto-upgrade Mac OS X Agents starting from version 4.1.3.0 and later.
Note
Refer to the "Cisco NAC Appliance Agents Systems Requirements" section of the Supported Hardware and System Requirements for Cisco NAC Appliance for additional compatibility details.
1 Clean Access Agent versions are not supported across major releases. Do not use 4.1.3.x Agents with 4.0(x) or prior releases. However, auto-upgrade is supported from any 3.5.1 and later Agent directly to the latest 4.1.10.0 Agent.
2 See Cisco NAC Appliance Agents for details on version updates for each Windows/Mac OS X/Web Agent.
3 For checks/rules/requirements, version 4.1.1.0 and later Clean Access Agents can detect "N" (European) versions of the Windows Vista operating system, but the CAM/CAS treat "N" versions of Vista as their US counterpart.
4 Auto-upgrade of the Mac OS X Agent is supported starting from version 4.1.3.0 and later. Release 4.1(1) and release 4.1(2)+ do not support auto-upgrade for the Mac OS X Agent. Users can upgrade client machines to the latest Mac OS X Agent by uninstalling the existing Mac OS X Agent, downloading the new Agent via web login, and running the Agent installation. For more information, see Mac OS X Clean Access Agent Enhancements.
5 Cisco strongly recommends running the latest 4.1.10.x version of the Clean Access Agent with release 4.1(8) of the CAM/CAS. If necessary, release 4.1(8) allows administrators to optionally configure the 4.1(8) CAM/CAS to allow 4.1.0.x Agent authentication and posture assessment. Note that by default, 4.1.0.x Agents are not allowed to log into a 4.1(8) Cisco NAC Appliance system. However, an Agent upgraded to 4.1.10.0 can still log into a 4.1(0) CAM/CAS. See 4.1.0.x Agent Support on Release 4.1(1) in the 4.1(1) release notes for details.
Determining the Software Version
There are several ways to determine the version of software running on your Clean Access Manager (CAM), Clean Access Server (CAS), or Clean Access Agent, as described below.
•
•
•
•
Clean Access Manager (CAM) Version
The top of the CAM web console displays the software version installed. After you add the CAM license, the top of the CAM web console displays the license type (Lite, Standard, Super). Additionally, the Administration > CCA Manager > Licensing page displays the types of licenses present after they are added.
The software version is also displayed as follows:
•
•
CAM Lite, Standard, Super
The NAC Appliance Clean Access Manager (CAM) is licensed based on the number of NAC Appliance Clean Access Servers (CASes) it supports. You can view license details under Administration > CCA Manager > Licensing. The top of CAM web console identifies the type of CAM license installed:
•
•
•
Note the following:
•
•
•
Clean Access Server (CAS) Version
You can determine the CCA software version running on the Clean Access Server (whether NAC-3300 appliances or Cisco NAC network modules) using the following methods:
•
•
•
Note
Cisco NAC Appliance Agents Versioning
On the CAM web console, you can determine versioning for the Cisco NAC Appliance Agents from the following pages:
•
•
•
•
From the Clean Access Agent itself on the client machine, you can view the following information from the Agent taskbar menu icon:
•
•
Cisco Clean Access Updates Versioning
To view the latest version of Updates downloaded to your CAM, including Cisco Checks & Rules, Cisco NAC Web Agent, Clean Access Agent Upgrade Patch, Supported AV/AS Product List, go to Device Management > Clean Access > Update > Summary on the CAM web console. See Clean Access Supported AV/AS Product List and Clean Access Supported AV/AS Product List for additional details.
New and Changed Information
This section describes enhancements added to the following releases of Cisco NAC Appliance for the Clean Access Manager and Clean Access Server.
•
See Cisco NAC Appliance Agents for new features and enhancements to Cisco NAC Appliance Agents.
For additional details, see also:
•
•
Enhancements in Release 4.1(8)
This section details the enhancements delivered with Cisco NAC Appliance release 4.1(8) for the Clean Access Manager and Clean Access Server.
General Enhancements
•
•
•
Cisco NAC Appliance Agent Enhancements
•
General Enhancements
CAS Fallback Behavior Enhancement
In Cisco NAC Appliance Release 4.1(8), the CAS Fallback function has been enhanced to more appropriately handle CAS Fallback behavior when the CAM becomes unreachable on the network. In previous releases of Cisco NAC Appliance, the CAS determined that the CAM was unreachable after failing to successfully poll the CAM over a specified Detect Timeout period and would automatically initiate a Fallback event. Once the CAS was able to successfully contact the CAM one time following a Fallback event, the CAS would assume the CAM was "alive" again and resume normal operation (exit Fallback mode). Unfortunately, depending on the Fallback settings for the CAS, this behavior could lead to the CAS continually flapping between Fallback mode and normal operation when the network experienced even minor intermittent connectivity issues, and leave large segments of the user pool unable to log in.
With Cisco NAC Appliance Release 4.1(8), in addition to setting both the Detect Interval and Detect Timeout values in the CAS Fallback page, administrators can also specify the CAM detection Fail Percentage threshold value that helps better tune the CAS Fallback behavior to the network. When the administrator specifies a value for the Fail Percentage setting, the CAS also automatically sets the subsequent Resume Percentage success threshold value that determines when the CAS returns to normal operation following a CAS Fallback event.
For new installations of Cisco NAC Appliance Release 4.1(8), this enhancement also introduces new default value of 20 seconds for the Detect Interval setting and requires the Detect Timeout value to be at least 15 times the specified Detect Interval. If you are upgrading to release 4.1(8) and already employ CAS Fallback behavior in your system, your existing values for these settings are preserved, and you may need to reconfigure your settings to maintain expected CAS Fallback behavior in your network.
Note
This enhancement affects the following page of the CAM web console:
•
CAS HA Pair Link-Detect Configuration Enhancement
Cisco NAC Appliance Release 4.1(8) enables administrators to create and/or edit a configuration file residing on the CAS to specify link-detect interfaces to monitor on the CAS. This enhancement is designed to provide a solution for Cisco NAC Appliance networks where, due to network topology or configuration issues, CAS high-availability (HA) pairs may be unable to verify connectivity with the trusted (eth0) and/or untrusted (eth1) external interfaces specified in the CAS web console (Administration > Network Settings > Failover).
To enable this enhancement, the administrator must add or update the linkdetect.conf file residing in the /etc/ha.d/ directory on the CAS, specifying the interface(s) on which to enable Link-detect functionality. After adding/updating the file, you must stop and then restart services on the CAS using the service perfigo stop and service perfigo start commands.
For more information, see CSCsv74447.
DHCP Failover Behavior Enhancement
Cisco NAC Appliance Release 4.1(8) enhances the CAS failover behavior for DHCP when a standby CAS assumes the role of the active CAS. In the event an active HA CAS performing DHCP address assignment is in Fallback (Fail Open) state before the failover event, the standby CAS is now able to assume DHCP address management functions in addition to user login.
This enhancement addresses an issue where client machines are unable to get IP addresses or even renew address leases when the DHCP service is configured to run on an active HA CAS and the CAS goes into Fallback (Fail Open) mode when the CAM becomes unreachable for an extended period of time. This enhancement also improves Cisco NAC Appliance availability and operation when the active CAS reboots or the CAS fails over when the CAM is unreachable on the network.
For more information, see CSCsv71328.
Supported AV/AS Product List Enhancements (Version 73)
•
•
Cisco NAC Appliance Agent Enhancements
See Cisco NAC Appliance Agents for enhancement details per Agent version.
Cisco NAC Appliance Agents
This section consolidates information for Clean Access Agent and Cisco NAC Web Agent client software versions, as follows:
•
•
•
Refer to Resolved Caveats - Agent Version 4.1.8.0 for additional information.
Enhancements are cumulative and apply both to the version introducing the feature and to subsequent later versions, unless otherwise noted. For all Agents:
•
•
Note
•
–
–
–
–
For additional details refer to Known Issues for Cisco NAC Appliance and Troubleshooting for Agent-related information.
Windows Clean Access Agent Enhancements
This section contains the latest enhancements of the Windows Clean Access Agent. Enhancements are cumulative and apply both to the version introducing the feature and to subsequent later versions, unless otherwise noted.
Note
Windows Clean Access Agent Version 4.1.10.0
This section summarizes the latest enhancements for version 4.1.10.0 of the Windows Clean Access Agent. Refer to the following links for additional information:
•
•
•
Windows Clean Access Agent Version 4.1.8.0
This section summarizes the latest enhancements for version 4.1.8.0 of the Windows Clean Access Agent. Refer to the following links for additional information:
•
•
•
Mac OS X Clean Access Agent Enhancements
There are no new features or enhancements in the Mac OS X Agent version 4.1.3.1 for release 4.1(8).
Note
Cisco NAC Web Agent Enhancements
There are no new features or enhancements in the Cisco NAC Web Agent for Release 4.1(8). Refer to Resolved Caveats - Agent Version 4.1.10.0 for additional information.
See Release 4.1(8) Compatibility Matrix for general compatibility details.
Clean Access Supported AV/AS Product List
This section describes the Supported AV/AS Product List that is downloaded to the Clean Access Manager via Device Management > Clean Access > Updates > Update to provide the latest antivirus (AV) and anti-spyware (AS) product integration support for Cisco NAC Appliance Agents that support AV/AS posture assessment/remediation. The Supported AV/AS Product List is a versioned XML file distributed from a centralized update server that provides the most current matrix of supported AV/AS vendors and product versions used to configure AV/AS Rules and AV/AS Definition Update requirements.
The Supported AV/AS Product List contains information on which AV/AS products and versions are supported in each Windows Clean Access Agent release along with other relevant information. It is updated regularly to bring the relevant information up to date and to include newly added products for new releases. Cisco recommends keeping your list current, especially when you upload a new Agent Setup version or Agent Patch version to your CAM. Having the latest Supported AV/AS list ensures your AV/AS rule configuration pages list all the new products supported in the new Agent.
Note
The following charts list the AV and AS product/version support per client OS as of the latest Clean Access release:
•
•
•
The charts show which AV/AS product versions support virus or spyware definition checks and automatic update of client virus/spyware definition files via the user clicking the Update button on the Clean Access Agent.
For a summary of the product support that is added per version of the Supported AV/AS Product List or Clean Access Agent, see also:
•
You can access additional AV and AS product support information from the CAM web console under Device Management > Clean Access > Clean Access Agent > Rules > AV/AS Support Info.
Note
Note that Clean Access works in tandem with the installation schemes and mechanisms provided by supported AV/AS vendors. In the case of unforeseen changes to underlying mechanisms for AV/AS products by vendors, the Cisco NAC Appliance team will update the Supported AV/AS Product List and/or Clean Access Agent in the timeliest manner possible in order to support the new AV/AS product changes. In the meantime, administrators can always use the "custom" rule workaround for the AV/AS product (such as pc_checks/pr_ rules) and configure the requirement for "Any selected rule succeeds."
Clean Access AV Support Chart (Windows Vista/XP/2000)
Table 5 lists Windows Vista/XP/2000 Supported AV Products as of the latest release of the Cisco NAC Appliance software. (See Table 6 for Windows ME/98).
Table 5 Clean Access Antivirus Product Support Chart (Windows Vista/XP/2000)
Version 77, 4.1.10.0 Agent, CAM/CAS Release 4.1(8) (Sheet 1 of 15)
(Minimum Agent Version Needed)1TrustPort Antivirus
2.x
yes (4.0.6.0)
-
yes
avast! Antivirus
4.x
yes (3.5.10.1)
yes (3.5.10.1)
yes
avast! Antivirus (managed)
4.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
avast! Antivirus Professional
4.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
avast! Server Edition
4.x
yes (4.1.8.0)
yes (4.1.8.0)
yes
AT&T Internet Security Suite AT&T Anti-Virus
6.x
yes (4.1.10.0)
-
yes
AVG 8.0 [AntiVirus]
8.x
yes (4.1.3.2)
yes (4.1.7.0)
yes
AVG Anti-Virus Free
8.x
yes (4.1.6.0)
yes (4.1.7.0)
yes
AhnLab Security Pack
2.x
yes (3.5.10.1)
yes (3.5.10.1)
yes
AhnLab V3 Internet Security 2007
7.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
AhnLab V3 Internet Security 2007 Platinum
7.x
yes (3.6.5.0)
yes (3.6.5.0)
yes
AhnLab V3 Internet Security 2008 Platinum
7.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
AhnLab V3 Internet Security 7.0 Platinum Enterprise
7.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
AhnLab V3 VirusBlock Internet Security 2007
7.x
yes (4.1.8.0)
yes (4.1.8.0)
yes
V3 VirusBlock 2005
6.x
yes (4.1.2.0)
yes (4.1.2.0)
-
V3Pro 2004
6.x
yes (3.5.10.1)
yes (3.5.12)
yes
Aliant Business Security Suite Anti-Virus
6.x
yes (4.5.1.0)
-
yes
Aliant Business Security Suite Anti-Virus
7.x
yes (4.1.10.0)
-
-
Aliant Security Services Anti-Virus
7.x
yes (4.1.10.0)
-
-
AOL Safety and Security Center Virus Protection
1.x
yes (3.5.11.1)
yes (3.5.11.1)
-
AOL Safety and Security Center Virus Protection
102.x
yes (4.0.4.0)
yes (4.0.4.0)
-
AOL Safety and Security Center Virus Protection
2.x
yes (4.1.0.0)
yes (4.1.0.0)
-
AOL Safety and Security Center Virus Protection
210.x
yes (4.0.4.0)
yes (4.0.4.0)
-
Active Virus Shield
6.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Command Anti-Malware
5.x
yes (4.1.10.0)
yes (4.1.10.0)
yes
Command Anti-Virus Enterprise
4.x
yes (3.5.0)
yes (3.5.0)
yes
Command AntiVirus for Windows
4.x
yes (3.5.0)
yes (3.5.0)
yes
Command AntiVirus for Windows Enterprise
4.x
yes (3.5.2)
yes (3.5.2)
yes
Cox High Speed Internet Security Suite
3.x
yes (4.0.4.0)
yes (4.0.4.0)
yes
Avira AntiVir Personal - Free Antivirus
9.x
yes (4.1.10.0)
yes (4.1.10.0)
yes
Avira AntiVir PersonalEdition Classic
7.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
Avira AntiVir PersonalEdition Premium
7.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Avira AntiVir Premium
8.x
yes (4.1.6.0)
yes (4.1.6.0)
yes
Avira AntiVir Premium
9.x
yes (4.1.10.0)
yes (4.1.10.0)
yes
Avira AntiVir Professional
8.x
yes (4.1.6.0)
yes (4.1.6.0)
yes
Avira AntiVir Professional
9.x
yes (4.1.10.0)
yes (4.1.10.0)
yes
Avira AntiVir Windows Workstation
7.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Avira Premium Security Suite
7.x
yes (3.6.5.0)
yes (3.6.5.0)
yes
Avira Premium Security Suite
8.x
yes (4.1.6.0)
yes (4.1.6.0)
yes
Avira Premium Security Suite
9.x
yes (4.1.10.0)
yes (4.1.10.0)
yes
Rising Antivirus Network Edition
20.x
yes (4.1.7.0)
yes (4.1.7.0)
-
Rising Antivirus Software AV
17.x
yes (3.5.11.1)
yes (3.5.11.1)
yes
Rising Antivirus Software AV
18.x
yes (3.5.11.1)
yes (3.5.11.1)
yes
Rising Antivirus Software AV
19.x
yes (4.0.5.0)
yes (4.0.5.0)
yes
Rising Antivirus Software AV
20.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
Rising Antivirus Software AV
21.x
yes (4.1.10.0)
yes (4.1.10.0)
-
BellSouth Internet Security Anti-Virus
5.x
yes (4.0.5.1)
yes (4.0.5.1)
-
BullGuard 7.0
7.x
yes (4.1.2.0)
yes (4.1.2.0)
-
BullGuard 8.0
8.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
BullGuard Gamers Edition
8.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
Bullguard Internet Security Suite
8.x
yes (4.1.8.0)
yes (4.1.8.0)
yes
Quick Heal AntiVirus Lite
9.5.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
Quick Heal AntiVirus Plus
10.x
yes (4.5.1.0)
yes (4.5.1.0)
yes
Quick Heal AntiVirus Plus
9.5.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
Quick Heal Total Security
10.x
yes (4.5.1.0)
yes (4.5.1.0)
yes
Quick Heal Total Security
9.5.x
yes (4.1.8.0)
yes (4.1.8.0)
yes
ZoneAlarm (AntiVirus)
7.0.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
ZoneAlarm (AntiVirus)
7.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
ZoneAlarm Anti-virus
7.0.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
ZoneAlarm Anti-virus
7.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
ZoneAlarm Anti-virus
8.x
yes (4.5.1.0)
yes (4.5.1.0)
yes
ZoneAlarm Security Suite Antivirus
7.0.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
ZoneAlarm Security Suite Antivirus
7.x
yes (4.0.5.0)
yes (4.0.5.0)
yes
ZoneAlarm Security Suite Antivirus
8.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
Cisco Security Agent
6.x
yes (4.5.1.0)
yes (4.1.10.0)
-
ClamAV
0.x
yes (4.1.8.0)
yes (4.1.8.0)
yes
ClamAV
devel-x
yes (4.0.6.0)
yes (4.0.6.0)
yes
ClamWin Antivirus
0.x
yes (3.5.2)
yes (3.5.2)
yes
ClamWin Free Antivirus
0.x
yes (3.5.4)
yes (3.5.4)
yes
COMODO Internet Security
3.5.x
yes (4.1.8.0)
-
-
Comodo BOClean Anti-Malware
4.25.x
yes (4.1.6.0)
-
yes
CA Anti-Virus
10.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
CA Anti-Virus
8.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
CA Anti-Virus
9.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
CA eTrust Antivirus
7.x
yes (3.5.0)
yes (3.5.0)
yes
CA eTrust Internet Security Suite AntiVirus
7.x
yes (3.5.11)
yes (3.5.11)
yes
CA eTrustITM Agent
8.x
yes (3.5.12)
yes (3.5.12)
yes
eTrust Antivirus
6.0.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
eTrust EZ Antivirus
6.1.x
yes (3.5.3)
yes (3.5.8)
yes
eTrust EZ Antivirus
6.2.x
yes (3.5.0)
yes (3.5.0)
yes
eTrust EZ Antivirus
6.4.x
yes (3.5.0)
yes (3.5.0)
yes
eTrust EZ Antivirus
7.x
yes (3.5.0)
yes (3.5.0)
yes
eTrust EZ Armor
6.1.x
yes (3.5.0)
yes (3.5.8)
yes
eTrust EZ Armor
6.2.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
eTrust EZ Armor
7.x
yes (3.5.0)
yes (3.5.0)
yes
Defender Pro Anti-Virus
5.x
yes (4.0.4.0)
yes (4.0.4.0)
yes
Aluria Security Center AntiVirus
1.x
yes (4.1.0.0)
yes (4.1.0.0)
-
EarthLink Protection Control Center AntiVirus
1.x
yes (3.5.10.1)
yes (3.5.10.1)
-
EarthLink Protection Control Center AntiVirus
2.x
yes (4.0.5.1)
yes (4.0.5.1)
-
EarthLink Protection Control Center AntiVirus
3.x
yes (4.1.3.0)
yes (4.1.3.0)
-
ESET NOD32 Antivirus
3.x
yes (4.1.3.2)
yes (4.1.3.2)
-
ESET NOD32 Antivirus
4.x
yes (4.1.10.0)
yes (4.1.10.0)
-
ESET Smart Security
3.x
yes (4.1.6.0)
yes (4.1.6.0)
-
ESET Smart Security
4.x
yes (4.1.10.0)
yes (4.1.10.0)
-
NOD32 Antivirus System
x
yes (4.1.3.2)
yes (4.1.3.2)
yes
NOD32 antivirus System
x
yes (4.1.3.2)
yes (4.1.3.2)
yes
NOD32 antivirus system
2.x
yes (3.5.5)
yes (3.5.5)
yes
NOD32 antivirus system
x
yes (4.1.3.2)
yes (4.1.3.2)
yes
F-Secure Anti-Virus
5.x
yes (3.5.0)
yes (3.5.0)
yes
F-Secure Anti-Virus
6.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
F-Secure Anti-Virus
7.x
yes (4.0.4.0)
yes (4.0.4.0)
-
F-Secure Anti-Virus
8.x
yes (4.1.8.0)
yes (4.1.8.0)
-
F-Secure Anti-Virus 2005
5.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
F-Secure Anti-Virus Client Security
6.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
F-Secure Anti-Virus for Windows Servers
5.x
yes (4.1.3.2)
yes (4.1.3.2)
-
F-Secure Internet Security
6.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
F-Secure Internet Security
7.x
yes (4.0.4.0)
yes (4.0.4.0)
-
F-Secure Internet Security
8.x
yes (4.1.6.0)
yes (4.1.6.0)
-
F-Secure Internet Security 2005
5.x
yes (4.1.3.0)
yes (4.1.3.0)
-
F-Secure Internet Security 2006 Beta
6.x
yes (3.5.8)
yes (3.5.8)
yes
FairPoint Security Suite Virus Protection
7.x
yes (4.1.10.0)
yes (4.1.10.0)
-
FortiClient Consumer Edition
3.x
yes (4.0.6.0)
yes (4.0.6.0)
yes
F-PROT Antivirus for Windows
6.0.x
yes (4.0.5.1)
yes (4.0.5.1)
-
F-Prot for Windows
3.14e
yes (3.5.0)
yes (3.5.0)
-
F-Prot for Windows
3.15
yes (3.5.0)
yes (3.5.0)
-
F-Prot for Windows
3.16c
yes (3.5.11)
yes (3.5.11)
-
F-Prot for Windows
3.16d
yes (3.5.11)
yes (3.5.11)
-
F-Prot for Windows
3.16x
yes (3.5.11.1)
yes (3.5.11.1)
-
AntiVirusKit 2006
2006.x
yes (4.1.0.0)
yes (4.1.0.0)
-
G DATA AntiVirenKit Client
8.x
yes (4.1.10.0)
yes (4.1.10.0)
-
G DATA AntiVirus 2008
18.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
G DATA AntiVirus 2009
19.x
yes (4.5.1.0)
yes (4.5.1.0)
yes
G DATA AntiVirusKit
17.x
yes (4.1.3.0)
yes (4.1.3.0)
-
G DATA InternetSecurity [Antivirus]
17.x
yes (4.1.3.0)
yes (4.1.3.0)
-
G DATA InternetSecurity [Antivirus]
18.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
G DATA InternetSecurity [Antivirus]
19.x
yes (4.5.1.0)
yes (4.5.1.0)
yes
G DATA TotalCare [Antivirus]
18.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
G DATA TotalCare [Antivirus]
19.x
yes (4.5.1.0)
yes (4.5.1.0)
yes
AVG 6.0 Anti-Virus - FREE Edition
6.x
yes (3.5.0)
yes (3.5.0)
-
AVG 6.0 Anti-Virus System
6.x
yes (3.5.0)
yes (3.5.0)
-
AVG 7.5
7.x
yes (4.0.4.0)
yes (4.0.4.0)
yes
AVG Anti-Virus 7.0
7.x
yes (3.5.0)
yes (3.5.0)
yes
AVG Anti-Virus 7.1
7.x
yes (3.6.3.0)
yes (3.6.3.0)
yes
AVG Antivirensystem 7.0
7.x
yes (3.5.0)
yes (3.5.0)
yes
AVG Free Edition
7.x
yes (3.5.0)
yes (3.5.0)
yes
Antivirussystem AVG 6.0
6.x
yes (3.5.0)
yes (3.5.0)
-
AntiVir PersonalEdition Classic Windows
7.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
AntiVir/XP
6.x
yes (3.5.0)
yes (3.5.0)
yes
ViRobot Desktop
5.0.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
ViRobot Desktop
5.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
ViRobot Expert Ver 4.0
2006.x
yes (4.1.10.0)
yes (4.1.10.0)
yes
IKARUS Guard NT
2.x
yes (4.0.6.0)
yes (4.0.6.0)
-
IKARUS virus utilities
5.x
yes (4.0.6.0)
yes (4.0.6.0)
-
Proventia Desktop
10.x
yes (4.1.6.0)
yes (4.1.6.0)
-
Proventia Desktop
8.x
yes (4.0.6.0)
-
-
Proventia Desktop
9.x
yes (4.0.6.0)
yes (4.0.6.0)
-
Jiangmin AntiVirus KV2007
10.x
yes (4.1.3.0)
-
yes
Jiangmin AntiVirus KV2008
11.x
yes (4.1.7.0)
-
yes
K7 Total Security
9.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
K7AntiVirus 7.0
7.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
Kaspersky Anti-Virus 2006 Beta
6.0.x
yes (3.5.8)
yes (3.5.8)
-
Kaspersky Anti-Virus 2009
8.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
Kaspersky Anti-Virus 6.0
6.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Kaspersky Anti-Virus 6.0 Beta
6.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Kaspersky Anti-Virus 7.0
7.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
Kaspersky Anti-Virus Personal
4.5.x
yes (3.5.0)
yes (3.5.0)
yes
Kaspersky Anti-Virus Personal
5.0.x
yes (3.5.0)
yes (3.5.0)
yes
Kaspersky Anti-Virus Personal Pro
5.0.x
yes (3.5.11)
yes (3.5.11)
yes
Kaspersky Anti-Virus for Windows File Servers
5.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
Kaspersky Anti-Virus for Windows File Servers
6.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
Kaspersky Anti-Virus for Windows Servers
6.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
Kaspersky Anti-Virus for Windows Workstations
5.0.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
Kaspersky Anti-Virus for Windows Workstations
6.x
yes (4.0.6.0)
yes (4.0.6.0)
yes
Kaspersky Anti-Virus for Workstation
5.0.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
Kaspersky Internet Security
6.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Kaspersky Internet Security 7.0
7.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
Kaspersky Internet Security 8.0
8.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
Kaspersky(TM) Anti-Virus Personal 4.5
4.5.x
yes (3.5.0)
yes (3.5.0)
yes
Kaspersky(TM) Anti-Virus Personal Pro 4.5
4.5.x
yes (3.5.0)
yes (3.5.0)
yes
Kingsoft AntiVirus 2004
2004.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Kingsoft AntiVirus 2007 Free
2007.x
yes (4.1.3.2)
yes (4.1.3.2)
-
Kingsoft Internet Security
7.x
yes (3.6.5.0)
yes (3.6.5.0)
yes
Kingsoft Internet Security 2006 +
2006.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Kingsoft Internet Security 9
2008.x
yes (4.1.7.0)
yes (4.1.7.0)
-
Lavasoft Ad-Aware 2008 Professional [Antivirus]
7.x
yes (4.1.6.0)
yes (4.1.6.0)
yes
McAfee Internet Security 6.0
8.x
yes (3.5.4)
yes (3.5.4)
yes
McAfee Managed VirusScan
3.x
yes (3.5.8)
yes (3.5.8)
yes
McAfee Managed VirusScan
4.x
yes (4.0.4.0)
yes (4.0.4.0)
yes
McAfee VirusScan
10.x
yes (3.5.4)
yes (3.5.4)
yes
McAfee VirusScan
11.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
McAfee VirusScan
12.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
McAfee VirusScan
13.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
McAfee VirusScan
4.5.x
yes (3.5.0)
yes (3.5.0)
yes
McAfee VirusScan
8.x
yes (3.5.1)
yes (3.5.1)
yes
McAfee VirusScan
8xxx
yes (3.5.0)
yes (3.5.0)
yes
McAfee VirusScan
9.x
yes (3.5.1)
yes (3.5.1)
yes
McAfee VirusScan
9xxx
yes (3.5.0)
yes (3.5.0)
yes
McAfee VirusScan Enterprise
7.0.x
yes (3.5.0)
yes (3.5.0)
yes
McAfee VirusScan Enterprise
7.1.x
yes (3.5.0)
yes (3.5.0)
yes
McAfee VirusScan Enterprise
7.5.x
yes (3.5.0)
yes (3.5.0)
yes
McAfee VirusScan Enterprise
8.0.x
yes (3.5.0)
yes (3.5.0)
yes
McAfee VirusScan Enterprise
8.7.x
yes (4.1.6.0)
yes (4.1.6.0)
yes
McAfee VirusScan Enterprise
8.x
yes (3.6.5.0)
yes (3.6.5.0)
yes
McAfee VirusScan Home Edition
7.x
yes (4.0.6.1)
yes (4.0.6.1)
yes
McAfee VirusScan Professional
8.x
yes (3.5.1)
yes (3.5.1)
yes
McAfee VirusScan Professional
8xxx
yes (3.5.0)
yes (3.5.0)
yes
McAfee VirusScan Professional
9.x
yes (3.5.1)
yes (3.5.1)
yes
McAfee VirusScan Professional Edition
7.x
yes (3.5.0)
yes (3.5.0)
yes
Total Protection for Small Business
4.7.x
yes (4.1.8.0)
yes (4.1.8.0)
yes
Total Protection for Small Business
4.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
eScan Anti-Virus (AV) for Windows
8.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
eScan Corporate for Windows
8.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
eScan Internet Security for Windows
8.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
eScan Professional for Windows
8.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
eScan Virus Control (VC) for Windows
8.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
eScan Virus Control (VC) for Windows
9.x
yes (4.1.8.0)
yes (4.1.8.0)
yes
Microsoft Forefront Client Security
1.5.x
yes (4.0.5.0)
yes (4.0.5.0)
-
Windows Live OneCare
1.x
yes (4.1.0.0)
yes (4.1.0.0)
-
Windows Live OneCare
2.x
yes (4.1.3.2)
yes (4.1.3.2)
-
Windows OneCare Live
0.8.x
yes (3.5.11.1)
-
-
Client Internet Security
5.x
yes (4.1.8.0)
yes (4.1.8.0)
-
Virus Chaser
5.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
Norman Virus Control
5.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Norman Virus Control
6.x
yes (4.1.10.0)
yes (4.1.10.0)
yes
Norman Virus Control
7.x
yes (4.1.6.0)
yes (4.1.6.0)
yes
Omniquad Total Security AV
9.x
yes (4.1.7.0)
yes (4.1.7.0)
-
PC Tools AntiVirus 2.0
2.x
yes (4.1.3.0)
yes (4.1.3.0)
-
PC Tools AntiVirus 2007
3.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
PC Tools AntiVirus 2008
4.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
PC Tools AntiVirus 2008
5.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
PC Tools Internet Security [Antivirus]
5.x
yes (4.1.3.0)
yes (4.1.3.0)
-
PC Tools Internet Security [Antivirus]
6.x
yes (4.1.7.0)
yes (4.1.7.0)
-
PC Tools Spyware Doctor [Antivirus]
5.x
yes (4.1.3.2)
-
-
PC Tools Spyware Doctor [Antivirus]
6.x
yes (4.1.7.0)
-
-
Spyware Doctor [Antivirus]
5.x
yes (4.1.3.2)
yes (4.1.3.2)
-
ThreatFire 3.0
3.x
yes (4.1.3.0)
-
-
ThreatFire 3.5
3.5.x
yes (4.1.6.0)
yes (4.1.6.0)
yes
ThreatFire 4.0
4.x
yes (4.1.8.0)
yes (4.1.8.0)
-
ThreatFire 4.1
4.x
yes (4.1.10.0)
-
-
Panda Antivirus + Firewall 2007
6.x
yes (4.0.4.0)
yes (4.0.4.0)
yes
Panda Antivirus + Firewall 2008
7.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
Panda Antivirus 2007
2.x
yes (4.0.4.0)
yes (4.0.4.0)
-
Panda Antivirus 2008
3.x
yes (4.0.6.1)
yes (4.0.6.1)
-
Panda Antivirus 6.0 Platinum
6
yes (3.5.0)
yes (3.5.0)
yes
Panda Antivirus Lite
1.x
yes (3.5.0)
yes (3.5.0)
-
Panda Antivirus Lite
3.x
yes (3.5.9)
yes (3.5.9)
-
Panda Antivirus Platinum
7.04.x
yes (3.5.0)
yes (3.5.0)
yes
Panda Antivirus Platinum
7.05.x
yes (3.5.0)
yes (3.5.0)
yes
Panda Antivirus Platinum
7.06.x
yes (3.5.0)
yes (3.5.0)
yes
Panda Antivirus Pro 2009
8.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
Panda Client Shield
4.x
yes (4.0.4.0)
yes (4.0.4.0)
-
Panda Endpoint Protection
5.x
yes (4.1.10.0)
yes (4.1.10.0)
-
Panda Global Protection 2009
2.x
yes (4.1.8.0)
yes (4.1.8.0)
yes
Panda Internet Security 2007
11.x
yes (4.0.4.0)
yes (4.0.4.0)
yes
Panda Internet Security 2008
12.x
yes (4.0.6.1)
yes (4.0.6.1)
yes
Panda Internet Security 2009
14.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
Panda Platinum 2005 Internet Security
9.x
yes (3.5.3)
yes (3.5.3)
yes
Panda Platinum 2006 Internet Security
10.x
yes (4.0.4.0)
yes (4.0.4.0)
yes
Panda Platinum Internet Security
8.03.x
yes (3.5.0)
yes (3.5.0)
yes
Panda Security for Desktops
4.x
yes (4.1.8.0)
yes (4.5.1.0)
-
Panda Titanium 2006 Antivirus + Antispyware
5.x
yes (3.5.10.1)
yes (3.5.10.1)
yes
Panda Titanium Antivirus 2004
3.00.00
yes (3.5.0)
yes (3.5.0)
yes
Panda Titanium Antivirus 2004
3.01.x
yes (3.5.0)
yes (3.5.0)
yes
Panda Titanium Antivirus 2004
3.02.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Panda Titanium Antivirus 2005
4.x
yes (3.5.1)
yes (3.5.1)
yes
Panda TruPrevent Personal 2005
2.x
yes (3.5.3)
yes (3.5.3)
yes
Panda TruPrevent Personal 2006
3.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
WebAdmin Client Antivirus
3.x
yes (3.5.11)
yes (3.5.11)
-
Parallels Internet Security
7.x
yes (4.5.1.0)
yes (4.1.10.0)
yes
Radialpoint Security Services Virus Protection
6.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
Radialpoint Security Services Virus Protection
7.x
yes (4.1.7.0)
yes (4.1.7.0)
-
Radialpoint Security Services Virus Protection
8.x
yes (4.1.8.0)
yes (4.1.8.0)
-
Radialpoint Virus Protection
5.x
yes (4.0.5.1)
yes (4.0.5.1)
-
Zero-Knowledge Systems Radialpoint Security Services Virus Protection
6.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
BitDefender 8 Free Edition
8.x
yes (3.5.8)
yes (3.5.8)
-
BitDefender 8 Professional Plus
8.x
yes (3.5.0)
yes (3.5.0)
-
BitDefender 8 Standard
8.x
yes (3.5.0)
yes (3.5.0)
-
BitDefender 9 Internet Security AntiVirus
9.x
yes (3.5.11.1)
yes (3.5.11.1)
-
BitDefender 9 Professional Plus
9.x
yes (3.5.8)
yes (3.5.8)
yes
BitDefender 9 Standard
9.x
yes (3.5.8)
yes (3.5.8)
yes
BitDefender Antivirus 2008
11.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
BitDefender Antivirus 2009
12.x
yes (4.1.8.0)
yes (4.1.8.0)
yes
BitDefender Antivirus Plus v10
10.x
yes (4.0.4.0)
yes (4.0.4.0)
yes
BitDefender Antivirus v10
10.x
yes (4.0.4.0)
yes (4.0.4.0)
yes
BitDefender Business Client
11.x
yes (4.1.10.0)
yes (4.1.10.0)
-
BitDefender Client Professional Plus
8.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
BitDefender Free Edition
7.x
yes (3.5.0)
yes (3.5.0)
-
BitDefender Free Edition v10
10.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
BitDefender Internet Security 2008
11.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
BitDefender Internet Security 2009
12.x
yes (4.1.8.0)
yes (4.1.8.0)
yes
BitDefender Internet Security v10
10.x
yes (4.0.4.0)
yes (4.0.4.0)
yes
BitDefender Professional Edition
7.x
yes (3.5.0)
yes (3.5.0)
-
BitDefender Standard Edition
7.x
yes (3.5.0)
yes (3.5.0)
-
BitDefender Total Security 2008
11.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
BitDefender Total Security 2009
12.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
Dr.Web
4.32.x
yes (3.5.0)
yes (3.5.0)
yes
Dr.Web
4.33.x
yes (3.5.11.1)
yes (3.5.11.1)
yes
Dr.Web
4.44.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
Dr.Web
5.x
yes (4.1.10.0)
yes (4.1.10.0)
yes
SecureIT [Antivirus]
1.x
yes (4.1.7.0)
yes (4.1.7.0)
-
Sereniti Antivirus
1.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
The River Home Network Security Suite
1.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
Sophos Anti-Virus
3.x
yes (3.5.3)
yes (3.5.3)
-
Sophos Anti-Virus
4.x
yes (3.6.3.0)
yes (3.6.3.0)
-
Sophos Anti-Virus
5.x
yes (3.5.3)
yes (3.5.3)
yes
Sophos Anti-Virus
6.x
yes (4.0.1.0)
yes (4.0.1.0)
yes
Sophos Anti-Virus
7.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
Sophos Anti-Virus version 3.80
3.8
yes (3.5.0)
yes (3.5.0)
-
Sunbelt VIPRE Enterprise Agent
3.x
yes (4.1.10.0)
yes (4.1.10.0)
-
VIPRE Antivirus
3.x
yes (4.1.10.0)
yes (4.1.10.0)
yes
Norton 360 (Symantec Corporation)
1.x
yes (4.1.1.0)
yes (4.1.1.0)
yes
Norton 360 (Symantec Corporation)
2.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
Norton 360 (Symantec Corporation)
3.x
yes (4.1.8.0)
yes (4.1.8.0)
-
Norton AntiVirus
10.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus
14.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Norton AntiVirus
15.x
yes (4.0.6.1)
yes (4.0.6.1)
yes
Norton AntiVirus
16.x
yes (4.1.7.0)
yes (4.1.7.0)
-
Norton AntiVirus 2002
8.00.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2002
8.x
yes (3.5.1)
yes (3.5.1)
yes
Norton AntiVirus 2002 Professional
8.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2002 Professional Edition
8.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2003
9.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2003 Professional
9.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2003 Professional Edition
9.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2004
10.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2004 (Symantec Corporation)
10.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2004 Professional
10.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2004 Professional Edition
10.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2005
11.0.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2006
12.0.x
yes (3.5.5)
yes (3.5.5)
yes
Norton AntiVirus 2006
12.x
yes (3.5.5)
yes (3.5.5)
yes
Norton AntiVirus Corporate Edition
7.x
yes (3.5.1)
yes (3.5.1)
yes
Norton Internet Security
16.x
yes (4.1.7.0)
yes (4.1.7.0)
-
Norton Internet Security
7.x
yes (3.5.0)
yes (3.5.0)
yes
Norton Internet Security
8.0.x
yes (3.5.0)
yes (3.5.0)
yes
Norton Internet Security
8.2.x
yes (3.5.1)
yes (3.5.1)
yes
Norton Internet Security
8.x
yes (3.5.1)
yes (3.5.1)
yes
Norton Internet Security
9.x
yes (3.5.10.1)
yes (3.5.10.1)
yes
Norton Internet Security (Symantec Corporation)
10.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Norton Security Scan
1.x
yes (4.1.3.0)
yes (4.1.3.0)
-
Norton SystemWorks 2003
6.x
yes (3.5.3)
yes (3.5.3)
yes
Norton SystemWorks 2004 Professional
7.x
yes (3.5.4)
yes (3.5.4)
yes
Norton SystemWorks 2005
8.x
yes (3.5.3)
yes (3.5.3)
yes
Norton SystemWorks 2005 Premier
8.x
yes (3.5.3)
yes (3.5.3)
yes
Norton SystemWorks 2006 Premier
12.0.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Symantec AntiVirus
10.x
yes (3.5.3)
yes (3.5.3)
yes
Symantec AntiVirus
9.x
yes (3.5.0)
yes (3.5.0)
yes
Symantec AntiVirus Client
8.x
yes (3.5.0)
yes (3.5.0)
yes
Symantec AntiVirus Server
8.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Symantec AntiVirus Win64
10.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
Symantec Client Security
10.x
yes (3.5.3)
yes (3.5.3)
yes
Symantec Client Security
9.x
yes (3.5.0)
yes (3.5.0)
yes
Symantec Endpoint Protection
11.x
yes (4.0.6.1)
yes (4.0.6.1)
yes
Symantec Scan Engine
5.x
yes (4.0.5.1)
yes (4.0.5.1)
-
TELUS security services Anti-Virus
7.x
yes (4.1.10.0)
-
-
PC-cillin 2002
9.x
yes (3.5.1)
yes (3.5.1)
-
PC-cillin 2003
10.x
yes (3.5.0)
yes (3.5.0)
-
ServerProtect
5.x
yes (4.1.0.0)
yes (3.6.5.0)
-
Trend Micro Anti-Virus
17.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
Trend Micro AntiVirus
15.x
yes (3.6.5.0)
yes (3.6.5.0)
-
Trend Micro AntiVirus
16.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
Trend Micro Antivirus
11.x
yes (3.5.0)
yes (3.5.0)
yes
Trend Micro Client/Server Security
6.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Trend Micro Client/Server Security Agent
15.x
yes (4.1.6.0)
yes (4.1.6.0)
-
Trend Micro Client/Server Security Agent
7.x
yes (3.5.12)
yes (3.5.12)
yes
Trend Micro HouseCall
1.x
yes (4.0.1.0)
yes (4.0.1.0)
-
Trend Micro Internet Security
11.x
yes (3.5.0)
yes (3.5.0)
yes
Trend Micro Internet Security
12.x
yes (3.5.0)
yes (3.5.0)
-
Trend Micro Internet Security
16.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
Trend Micro Internet Security
17.x
yes (4.1.6.0)
yes (4.1.6.0)
yes
Trend Micro OfficeScan Client
5.x
yes (3.5.1)
yes (3.5.1)
yes
Trend Micro OfficeScan Client
6.x
yes (3.5.1)
yes (3.5.1)
yes
Trend Micro OfficeScan Client
7.x
yes (3.5.3)
yes (3.5.3)
yes
Trend Micro OfficeScan Client
8.x
yes (4.0.5.0)
yes (4.0.5.0)
yes
Trend Micro PC-cillin 2004
11.x
yes (3.5.0)
yes (3.5.0)
yes
Trend Micro PC-cillin Internet Security 12
12.x
yes (4.0.1.0)
yes (4.0.1.0)
-
Trend Micro PC-cillin Internet Security 14
14.x
yes (4.0.1.0)
yes (4.0.1.0)
yes
Trend Micro PC-cillin Internet Security 2005
12.x
yes (3.5.3)
yes (3.5.3)
yes
Trend Micro PC-cillin Internet Security 2006
14.x
yes (3.5.8)
yes (3.5.8)
yes
Trend Micro PC-cillin Internet Security 2007
15.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
TrustPort Antivirus
2.8.x
yes (4.1.10.0)
-
yes
Fix-It Utilities 7 Professional [AntiVirus]
7.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
Fix-It Utilities 8 Professional [AntiVirus]
8.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
SystemSuite 7 Professional [AntiVirus]
7.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
SystemSuite 8 Professional [AntiVirus]
8.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
SystemSuite 9 Professional
9.x
yes (4.1.8.0)
yes (4.1.8.0)
-
VCOM Fix-It Utilities Professional 6 [AntiVirus]
6.x
yes (4.0.6.1)
yes (4.0.6.1)
yes
VCOM SystemSuite Professional 6 [AntiVirus]
6.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
Verizon Internet Security Suite Anti-Virus
5.x
yes (4.0.5.1)
yes (4.0.5.1)
-
Verizon Internet Security Suite Anti-Virus
7.x
yes (4.5.1.0)
yes (4.5.1.0)
-
Verizon Internet Security Suite Anti-Virus
8.x
yes (4.1.10.0)
yes (4.1.10.0)
-
Vba32 Personal
3.x
yes (4.1.6.0)
yes (4.1.6.0)
-
VirusBuster Professional
5.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
VirusBuster for Windows Servers
5.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
Webroot AntiVirus
6.x
yes (4.1.8.0)
yes (4.1.8.0)
-
Webroot Spy Sweeper Enterprise Client with AntiVirus
4.x
yes (4.1.3.2)
-
-
Webroot Spy Sweeper with AntiVirus
5.x
yes (4.1.3.0)
yes (4.1.3.0)
-
AT&T Yahoo! Online Protection [AntiVirus]
7.x
yes (4.0.6.1)
yes (4.0.6.1)
yes
SBC Yahoo! Anti-Virus
7.x
yes (3.5.10.1)
yes (3.5.10.1)
yes
Verizon Yahoo! Online Protection [AntiVirus]
7.x
yes (4.0.6.1)
yes (4.0.6.1)
yes
ZoneAlarm Anti-virus
6.x
yes (3.5.5)
yes (3.5.5)
-
ZoneAlarm Security Suite
5.x
yes (3.5.0)
yes (3.5.0)
-
ZoneAlarm Security Suite
6.x
yes (3.5.5)
yes (3.5.5)
-
ZoneAlarm with Antivirus
5.x
yes (3.5.0)
yes (3.5.0)
-
eEye Digital Security Blink Personal
3.x
yes (4.0.6.0)
yes (4.0.6.0)
yes
eEye Digital Security Blink Personal
4.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
eEye Digital Security Blink Professional
3.x
yes (4.0.6.0)
yes (4.0.6.0)
yes
eEye Digital Security Blink Professional
4.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
iolo AntiVirus
1.x
yes (4.1.8.0)
yes (4.1.8.0)
-
1 "Yes" in the AV Checks Supported columns indicates the Agent supports the AV Rule check for the product starting from the version of the Agent listed in parentheses (CAM automatically determines whether to use Def Version or Def Date for the check).
2 The Live Update column indicates whether the Agent supports live update for the product via the Agent Update button (configured by AV Definition Update requirement type). For products that support "Live Update," the Agent launches the update mechanism of the AV product when the Update button is clicked. For products that do not support this feature, the Agent displays a message popup. In this case, administrators can configure a different requirement type (such as "Local Check") to present alternate update instructions to the user.
3 For Symantec Enterprise products, the Clean Access Agent can initiate AV Update when Symantec Antivirus is in unmanaged mode. If using Symantec AV in managed mode, the administrator must allow/deny managed clients to run LiveUpdate via the Symantec management console (right-click the primary server, go to All Tasks -> Symantec Antivirus, select Definition Manager, and configure the policy to allow clients to launch LiveUpdate for agents managed by that management server.) If managed clients are not allowed to run LiveUpdate, the update button will be disabled on the Symantec GUI on the client, and updates can only be pushed from the server.
Clean Access AV Support Chart (Windows ME/98)
Table 6 lists Windows ME/98 Supported AV Products as of the latest release of the Cisco NAC Appliance software. (See Table 5 for Windows Vista/XP/2000.)
Table 6 Clean Access Antivirus Product Support Chart (Windows ME/98)
Version 77, 4.1.10.0 Agent, CAM/CAS Release 4.1(8) (Sheet 1 of 2)
(Minimum Agent Version Needed)1Rising Antivirus Software AV
18.x
yes (4.0.5.0)
yes (4.0.5.0)
yes
CA eTrust Antivirus
7.x
yes (3.5.3)
yes (3.5.3)
yes
eTrust EZ Antivirus
6.1.x
yes (3.5.0)
yes (3.5.8)
yes
eTrust EZ Antivirus
6.2.x
yes (3.5.0)
yes (3.5.0)
yes
eTrust EZ Antivirus
6.4.x
yes (3.5.0)
yes (3.5.0)
yes
eTrust EZ Antivirus
7.x
yes (3.5.3)
yes (3.5.3)
yes
eTrust EZ Armor
6.1.x
yes (3.5.3)
yes (3.5.8)
yes
McAfee Managed VirusScan
3.x
yes (3.5.8)
yes (3.5.8)
yes
McAfee VirusScan
10.x
yes (3.5.4)
yes (3.5.4)
yes
McAfee VirusScan
4.5.x
yes (3.5.0)
yes (3.5.0)
yes
McAfee VirusScan
8.x
yes (3.5.3)
yes (3.5.3)
yes
McAfee VirusScan
9.x
yes (3.5.3)
yes (3.5.3)
yes
McAfee VirusScan Professional
8.x
yes (3.5.3)
yes (3.5.3)
yes
McAfee VirusScan Professional
8xxx
yes (3.5.0)
yes (3.5.0)
yes
McAfee VirusScan Professional
9.x
yes (3.5.3)
yes (3.5.3)
yes
McAfee VirusScan Professional Edition
7.x
yes (3.5.0)
yes (3.5.0)
yes
BitDefender 8 Free Edition
8.x
yes (3.5.8)
yes (3.5.8)
-
BitDefender 8 Professional Plus
8.x
yes (3.5.0)
yes (3.5.0)
-
BitDefender 8 Standard
8.x
yes (3.5.0)
yes (3.5.0)
-
BitDefender 9 Professional Plus
9.x
yes (3.5.8)
yes (3.5.8)
-
BitDefender 9 Standard
9.x
yes (3.5.8)
yes (3.5.8)
-
BitDefender Free Edition
7.x
yes (3.5.0)
yes (3.5.0)
-
BitDefender Professional Edition
7.x
yes (3.5.0)
yes (3.5.0)
-
BitDefender Standard Edition
7.x
yes (3.5.0)
yes (3.5.0)
-
Norton AntiVirus
10.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2002
8.00.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2002
8.x
yes (3.5.1)
yes (3.5.1)
yes
Norton AntiVirus 2003
9.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2003 Professional Edition
9.x
yes (3.5.3)
yes (3.5.3)
yes
Norton AntiVirus 2004
10.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2004 (Symantec Corporation)
10.x
yes (3.5.0)
yes (3.5.0)
yes
Norton AntiVirus 2005
11.0.x
yes (3.5.0)
yes (3.5.0)
yes
Norton Internet Security
8.0.x
yes (3.5.0)
yes (3.5.0)
yes
Norton Internet Security
8.x
yes (3.5.1)
yes (3.5.1)
yes
Symantec AntiVirus
10.x
yes (4.0.5.0)
yes (4.0.5.0)
yes
Symantec AntiVirus
9.x
yes (3.5.8)
yes (3.5.3)
yes
Symantec AntiVirus Client
8.x
yes (3.5.9)
yes (3.5.9)
yes
PC-cillin 2003
10.x
yes (3.5.0)
yes (3.5.0)
-
Trend Micro Internet Security
11.x
yes (3.5.0)
yes (3.5.0)
-
Trend Micro Internet Security
12.x
yes (3.5.0)
yes (3.5.0)
-
Trend Micro OfficeScan Client
7.x
yes (4.0.5.0)
yes (4.0.5.0)
-
Trend Micro PC-cillin 2004
11.x
yes (3.5.0)
yes (3.5.0)
-
Trend Micro PC-cillin Internet Security 2005
12.x
yes (3.5.3)
yes (3.5.3)
-
1 "Yes" in the AV Checks Supported columns indicates the Agent supports the AV Rule check for the product starting from the version of the Agent listed in parentheses (CAM automatically determines whether to use Def Version or Def Date for the check).
2 The Live Update column indicates whether the Agent supports live update for the product via the Agent Update button (configured by AV Definition Update requirement type). For products that support "Live Update," the Agent launches the update mechanism of the AV product when the Update button is clicked. For products that do not support this feature, the Agent displays a message popup. In this case, administrators can configure a different requirement type (such as "Local Check") to present alternate update instructions to the user.
3 For Symantec Enterprise products, the Clean Access Agent can initiate AV Update when Symantec Antivirus is in unmanaged mode. If using Symantec AV in managed mode, the administrator must allow/deny managed clients to run LiveUpdate via the Symantec management console (right-click the primary server, go to All Tasks -> Symantec Antivirus, select Definition Manager, and configure the policy to allow clients to launch LiveUpdate for agents managed by that management server.) If managed clients are not allowed to run LiveUpdate, the update button will be disabled on the Symantec GUI on the client, and updates can only be pushed from the server.
Clean Access AS Support Chart (Windows Vista/XP/2000)
Table 7 lists Windows Vista/XP/2000 Supported Antispyware Products as of the latest release of the Cisco Clean Access software.
Table 7 Clean Access Antispyware Product Support Chart (Windows Vista/XP/2000)
Version 77, 4.1.10.0 Agent, CAM/CAS Release 4.1(8) (Sheet 1 of 8)
(Minimum Agent Version Needed)1AT&T Internet Security Suite AT&T Anti-Spyware
6.x
yes (4.1.10.0)
yes (4.1.10.0)
yes
AVG 8.0 [AntiSpyware]
8.x
yes (4.1.3.2)
yes (4.1.8.0)
yes
AVG Anti-Virus Free [AntiSpyware]
8.x
yes (4.1.8.0)
yes (4.1.8.0)
yes
Outpost Firewall Pro 2008 [AntiSpyware]
6.x
yes (4.1.3.2)
yes (4.1.3.2)
-
AhnLab SpyZero 2.0
2.x
yes (3.6.0.0)
yes (3.6.0.0)
yes
AhnLab SpyZero 2007
3.x
yes (3.6.5.0)
yes (3.6.5.0)
yes
AhnLab V3 Internet Security 2007 Platinum AntiSpyware
7.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
AhnLab V3 Internet Security 2008 Platinum AntiSpyware
7.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
AhnLab V3 Internet Security 7.0 Platinum Enterprise AntiSpyware
7.x
yes (4.1.2.0)
yes (4.1.2.0)
yes
Aliant Business Security Suite Anti-Spyware
6.x
yes (4.5.1.0)
yes (4.5.1.0)
yes
Aliant Business Security Suite Anti-Spyware
7.x
yes (4.1.10.0)
yes (4.1.10.0)
-
Aliant Security Services Anti-Spyware
7.x
yes (4.1.10.0)
yes (4.1.10.0)
-
AOL Safety and Security Center Spyware Protection
2.0.x
yes (4.1.0.0)
-
-
AOL Safety and Security Center Spyware Protection
2.1.x
yes (4.1.0.0)
yes (4.1.0.0)
-
AOL Safety and Security Center Spyware Protection
2.2.x
yes (4.1.0.0)
yes (4.1.0.0)
-
AOL Safety and Security Center Spyware Protection
2.3.x
yes (4.1.0.0)
yes (4.1.0.0)
-
AOL Safety and Security Center Spyware Protection
2.x
yes (3.6.1.0)
yes (3.6.1.0)
-
AOL Spyware Protection
1.x
yes (3.6.0.0)
yes (3.6.0.0)
-
AOL Spyware Protection
2.x
yes (3.6.0.0)
yes (4.1.3.0)
-
Anonymizer Anti-Spyware
1.x
yes (4.1.0.0)
yes (4.1.0.0)
-
Anonymizer Anti-Spyware
3.x
yes (4.1.0.0)
yes (4.1.0.0)
-
Cox High Speed Internet Security Suite
3.x
yes (4.0.4.0)
-
yes
BellSouth Internet Security Anti-Spyware
5.x
yes (4.0.5.1)
yes (4.0.5.1)
-
BigFix AntiPest
2.x
yes (4.1.10.0)
-
-
Quick Heal AntiVirus Plus [AntiSpyware]
10.x
yes (4.1.10.0)
yes (4.1.10.0)
yes
Quick Heal Total Security [AntiSpyware]
10.x
yes (4.1.10.0)
yes (4.1.10.0)
yes
ZoneAlarm (AntiSpyware)
7.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
ZoneAlarm Anti-Spyware
7.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
ZoneAlarm Pro Antispyware
7.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
ZoneAlarm Pro Antispyware
8.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
ZoneAlarm Security Suite Antispyware
7.x
yes (4.0.5.0)
yes (4.0.5.0)
yes
ZoneAlarm Security Suite Antispyware
8.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
CA eTrust Internet Security Suite AntiSpyware
10.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
CA eTrust Internet Security Suite AntiSpyware
11.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
CA eTrust Internet Security Suite AntiSpyware
5.x
yes (3.6.1.0)
yes (3.6.1.0)
yes
CA eTrust Internet Security Suite AntiSpyware
8.x
yes (4.1.2.0)
yes (4.1.2.0)
yes
CA eTrust Internet Security Suite AntiSpyware
9.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
CA eTrust PestPatrol
5.x
yes (3.6.1.0)
yes (4.0.6.0)
yes
CA eTrust PestPatrol Anti-Spyware
8.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
CA eTrust PestPatrol Anti-Spyware Corporate Edition
5.x
yes (3.6.0.0)
yes (3.6.0.0)
yes
CA eTrustITM Agent (AntiSpyware)
8.x
yes (4.1.6.0)
yes (4.1.6.0)
yes
PestPatrol Corporate Edition
4.x
yes (3.6.0.0)
yes (3.6.0.0)
yes
PestPatrol Standard Edition (Evaluation)
4.x
yes (3.6.0.0)
yes (3.6.0.0)
yes
Aluria Security Center AntiSpyware
1.x
yes (4.1.0.0)
yes (4.1.0.0)
-
EarthLink Protection Control Center AntiSpyware
1.x
yes (3.6.0.0)
yes (3.6.0.0)
-
EarthLink Protection Control Center AntiSpyware
2.x
yes (4.0.6.0)
-
-
EarthLink Protection Control Center AntiSpyware
3.x
yes (4.1.3.0)
-
-
Primary Response SafeConnect
2.x
yes (3.6.5.0)
-
-
F-Secure (AntiSpyware)
7.x
yes (4.1.3.0)
yes (4.1.3.0)
-
F-Secure Anti-Virus (AntiSpyware)
8.x
yes (4.1.8.0)
yes (4.1.8.0)
-
F-Secure Internet Security (AntiSpyware)
7.x
yes (4.1.3.0)
yes (4.1.3.0)
-
F-Secure Internet Security (AntiSpyware)
8.x
yes (4.1.7.0)
yes (4.1.7.0)
-
X-Cleaner Deluxe
4.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
FairPoint Security Suite Spyware Protection
7.x
yes (4.1.10.0)
yes (4.1.10.0)
-
AVG Anti-Malware [AntiSpyware]
7.x
yes (4.1.2.0)
-
-
AVG Anti-Spyware 7.5
7.x
yes (4.0.5.1)
yes (4.0.5.1)
-
Javacool SpywareBlaster
4.x
yes (4.1.6.0)
yes (4.1.6.0)
-
SpywareBlaster v3.1
3.1.x
yes (3.6.0.0)
yes (3.6.0.0)
yes
SpywareBlaster v3.2
3.2.x
yes (3.6.0.0)
yes (3.6.0.0)
yes
SpywareBlaster v3.3
3.3.x
yes (3.6.0.0)
yes (3.6.0.0)
yes
SpywareBlaster v3.4
3.4.x
yes (3.6.0.0)
yes (3.6.0.0)
yes
SpywareBlaster v3.5.1
3.5.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Bazooka Scanner
1.x
yes (4.1.8.0)
-
-
Kingsoft AntiSpyware 2007 Free
2007.x
yes (4.1.3.2)
yes (4.1.3.2)
-
Kingsoft Internet Security 9 [AntiSpyware]
2008.x
yes (4.1.10.0)
-
-
Kingsoft Internet Security [AntiSpyware]
7.x
yes (4.0.6.1)
yes (4.0.6.1)
yes
Ad-Aware
8.x
yes (4.1.10.0)
-
yes
Ad-Aware 2007
7.x
yes (4.1.3.0)
-
-
Ad-Aware 2007 Professional
7.x
yes (4.0.6.1)
-
yes
Ad-Aware SE Personal
1.x
yes (3.6.0.0)
yes (3.6.0.0)
-
Ad-Aware SE Professional
1.x
yes (3.6.1.0)
yes (3.6.1.0)
yes
Ad-aware 6 Professional
6.x
yes (3.6.0.0)
yes (3.6.0.0)
-
Lavasoft Ad-Aware 2008
7.x
yes (4.1.6.0)
-
-
Lavasoft Ad-Aware 2008 Professional
7.x
yes (4.1.6.0)
-
yes
Malwarebytes Anti-Malware
1.x
yes (4.1.8.0)
-
yes
Spy Killer
5.x
yes (4.1.8.0)
yes (4.1.10.0)
-
McAfee Anti-Spyware Enterprise Module
8.0.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
McAfee AntiSpyware
1.5.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
McAfee AntiSpyware
1.x
yes (3.6.0.0)
yes (4.1.0.0)
yes
McAfee AntiSpyware
2.0.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
McAfee AntiSpyware
2.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
McAfee AntiSpyware Enterprise
8.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
McAfee AntiSpyware Enterprise Module
8.5.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
McAfee AntiSpyware Enterprise Module
8.7.x
yes (4.1.6.0)
yes (4.1.6.0)
yes
McAfee VirusScan AS
11.x
yes (4.0.6.1)
yes (4.0.6.1)
yes
McAfee VirusScan AS
12.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
McAfee VirusScan AS
13.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
Spyware Begone
4.x
yes (3.6.0.0)
-
-
Spyware Begone
6.x
yes (4.1.0.0)
-
-
Spyware Begone
8.x
yes (4.1.0.0)
-
-
Spyware Begone Free Scan
7.x
yes (3.6.0.0)
-
-
Spyware Begone V7.30
7.30.x
yes (3.6.1.0)
-
-
Spyware Begone V7.40
7.40.x
yes (3.6.1.0)
-
-
Spyware Begone V7.95
7.95.x
yes (4.1.0.0)
-
-
Spyware Begone V8.20
8.20.x
yes (4.1.0.0)
-
-
Spyware Begone V8.25
8.25.x
yes (4.1.0.0)
-
-
Spyware Begone! Version 9
9.x
yes (4.1.3.2)
-
-
Microsoft AntiSpyware
1.x
yes (4.0.6.0)
-
yes
Windows Defender
1.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Windows Defender Vista
1.x
yes (4.0.5.0)
yes (4.0.5.0)
yes
Spy Emergency 2008
5.x
yes (4.1.7.0)
-
-
Omniquad Total Security
2.0.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
Omniquad Total Security
3.0.x
yes (4.1.7.0)
yes (4.1.7.0)
-
PC Tools Internet Security [Antispyware]
5.x
yes (4.1.3.0)
-
-
PC Tools Internet Security [Antispyware]
6.x
yes (4.1.7.0)
-
-
PC Tools Spyware Doctor
5.x
yes (4.1.3.2)
-
yes
PC Tools Spyware Doctor
6.x
yes (4.1.7.0)
-
yes
Spyware Doctor
4.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Spyware Doctor
5.x
yes (4.0.6.0)
-
yes
Spyware Doctor 3.0
3.x
yes (3.6.0.0)
yes (3.6.0.0)
yes
Spyware Doctor 3.1
3.x
yes (3.6.0.0)
yes (3.6.0.0)
yes
Spyware Doctor 3.2
3.x
yes (3.6.0.0)
yes (3.6.0.0)
yes
Spyware Doctor 3.5
3.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Spyware Doctor 3.8
3.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Spyware Doctor [AntiSpyware]
5.x
yes (4.1.3.2)
-
yes
Panda Titanium 2006 Antivirus + Antispyware [AntiSpyware]
5.x
yes (4.1.3.2)
yes (4.1.3.2)
-
Prevx 2.0 Agent
1.x
yes (4.1.8.0)
yes (4.1.8.0)
yes
Prevx Home
2.x
yes (3.6.0.0)
yes (3.6.0.0)
-
Prevx1
1.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Prevx1
2.x
yes (4.1.0.0)
yes (4.1.0.0)
yes
Radialpoint Security Services Spyware Protection
6.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
Radialpoint Security Services Spyware Protection
7.x
yes (4.1.7.0)
yes (4.1.7.0)
-
Radialpoint Security Services Spyware Protection
8.x
yes (4.1.8.0)
yes (4.1.8.0)
-
Radialpoint Spyware Protection
5.x
yes (4.0.5.1)
yes (4.0.5.1)
-
Zero-Knowledge Systems Radialpoint Security Services Spyware Protection
6.x
yes (4.0.6.0)
yes (4.0.6.0)
yes
BitDefender 9 Antispyware
9.x
yes (4.1.0.0)
yes (4.1.0.0)
-
BitDefender 9 Internet Security AS
9.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
BitDefender Antivirus Plus v10 AS
10.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
BitDefender Antivirus v10 AS
10.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
BitDefender Internet Security v10 AS
10.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
SUPERAntiSpyware Free Edition
4.x
yes (4.1.7.0)
yes (4.1.7.0)
-
SUPERAntiSpyware Professional
4.x
yes (4.1.7.0)
yes (4.1.7.0)
-
Spybot - Search & Destroy 1.3
1.3
yes (3.6.0.0)
yes (3.6.0.0)
yes
Spybot - Search & Destroy 1.4
1.4
yes (3.6.0.0)
yes (3.6.0.0)
yes
Spybot - Search & Destroy 1.5
1.x
yes (4.0.6.1)
yes (4.0.6.1)
-
Spybot - Search & Destroy 1.6
1.6.x
yes (4.1.7.0)
yes (4.1.7.0)
yes
SecureIT [AntiSpyware]
1.x
yes (4.1.8.0)
yes (4.1.8.0)
-
Sereniti Antispyware
1.x
yes (4.0.6.0)
-
yes
The River Home Network Security Suite Antispyware
1.x
yes (4.0.6.0)
-
yes
CounterSpy Enterprise Agent
1.8.x
yes (4.0.6.0)
-
-
CounterSpy Enterprise Agent
2.0.x
yes (4.1.3.0)
-
-
Sunbelt CounterSpy
1.x
yes (3.6.0.0)
-
yes
Sunbelt CounterSpy
2.x
yes (4.0.6.0)
-
yes
Norton 360 [AntiSpyware]
3.x
yes (4.1.8.0)
yes (4.1.8.0)
-
Norton AntiVirus [AntiSpyware]
15.x
yes (4.1.10.0)
yes (4.1.10.0)
-
Norton AntiVirus [AntiSpyware]
16.x
yes (4.1.7.0)
yes (4.1.10.0)
-
Norton Internet Security AntiSpyware
15.x
yes (4.1.3.0)
yes (4.1.10.0)
-
Norton Internet Security [AntiSpyware]
16.x
yes (4.1.7.0)
yes (4.1.10.0)
-
Norton Spyware Scan
2.x
yes (4.1.0.0)
yes (4.1.0.0)
-
TELUS security services Anti-Spyware
7.x
yes (4.1.10.0)
yes (4.1.10.0)
-
SpyCatcher Express
4.x
yes (4.1.8.0)
yes (4.1.8.0)
-
Trend Micro Anti-Spyware
3.5.x
yes (4.0.5.1)
yes (4.0.5.1)
-
Trend Micro Anti-Spyware
3.x
yes (3.6.0.0)
-
-
Trend Micro OfficeScan Client (AntiSpyware)
8.x
yes (4.1.8.0)
yes (4.1.8.0)
yes
Trend Micro PC-cillin Internet Security 2007 AntiSpyware
15.x
yes (4.1.0.0)
yes (4.1.3.2)
yes
Fix-It Utilities 7 Professional [AntiSpyware]
7.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
Fix-It Utilities 8 Professional [AntiSpyware]
8.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
SystemSuite 7 Professional [AntiSpyware]
7.x
yes (4.0.5.1)
yes (4.0.5.1)
yes
SystemSuite 8 Professional [AntiSpyware]
8.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
VCOM Fix-It Utilities Professional 6 [AntiSpyware]
6.x
yes (4.0.6.1)
yes (4.0.6.1)
yes
VCOM SystemSuite Professional 6 [AntiSpyware]
6.x
yes (4.1.3.0)
yes (4.1.3.0)
yes
Verizon Internet Security Suite Anti-Spyware
5.x
yes (4.0.5.1)
yes (4.0.5.1)
-
Verizon Internet Security Suite Anti-Spyware
7.x
yes (4.5.1.0)
yes (4.5.1.0)
-
Verizon Internet Security Suite Anti-Spyware
8.x
yes (4.1.10.0)
yes (4.1.10.0)
-
Spy Sweeper
3.x
yes (3.6.0.0)
-
-
Spy Sweeper
4.x
yes (3.6.0.0)
-
-
Spy Sweeper
5.0.x
yes (4.1.3.0)
-
-
Spy Sweeper
5.x
yes (4.1.0.0)
-
-
Spy Sweeper
6.x
yes (4.1.8.0)
-
-
Webroot Spy Sweeper Enterprise Client
1.x
yes (3.6.0.0)
-
-
Webroot Spy Sweeper Enterprise Client
2.x
yes (3.6.1.0)
-
-
Webroot Spy Sweeper Enterprise Client
3.5.x
yes (4.1.3.2)
-
-
Webroot Spy Sweeper Enterprise Client
3.x
yes (4.0.5.1)
-
-
AT&T Yahoo! Online Protection
2006.x
yes (4.0.6.1)
yes (4.0.6.1)
yes
CA Yahoo! Anti-Spy
2.x
yes (4.1.3.2)
yes (4.1.7.0)
yes
SBC Yahoo! Applications
2005.x
yes (3.6.0.0)
yes (3.6.0.0)
yes
Verizon Yahoo! Online Protection
2005.x
yes (4.0.6.1)
yes (4.0.6.1)
yes
Yahoo! Anti-Spy
1.x
yes (3.6.0.0)
yes (3.6.0.0)
-
Integrity Agent
6.x
yes (4.1.2.0)
yes (4.1.2.0)
-
ZoneAlarm Pro (AntiSpyware)
6.x
yes (4.1.6.0)
yes (4.1.6.0)
-
STOPzilla
5.x
yes (4.1.3.2)
yes (4.1.3.2)
yes
1 "Yes" in the AS Checks Supported columns indicates the Agent supports the AS Rule check for the product starting from the version of the Agent listed in parentheses (CAM automatically determines whether to use Def Version or Def Date for the check).
2 The Live Update column indicates whether the Agent supports live update for the product via the Agent Update button (configured by AS Definition Update requirement type). For products that support "Live Update," the Agent launches the update mechanism of the AS product when the Update button is clicked. For products that do not support this feature, the Agent displays a message popup. In this case, administrators can configure a different requirement type (such as "Local Check") to present alternate update instructions to the user.
Supported AV/AS Product List Version Summary
Table 8 details enhancements made per version of the Supported Antivirus/Antispyware Product List. See Clean Access Supported AV/AS Product List for the latest Supported AV list as of the latest release. See New and Changed Information for the release feature list.
Caveats
This section describes the following caveats:
•
•
•
•
Note
http://www.cisco.com/pcgi-bin/Support/Bugtool/home.pl
To become a registered cisco.com user, go to the following website:
http://tools.cisco.com/RPF/register/register.do
Open Caveats - Release 4.1(8)
Note
Table 9 List of Open Caveats (Sheet 1 of 12)
CSCsd03509
No
The Time Servers setting is not updated in HA-Standby CAM web console
After updating the "Time Servers" setting in HA-Primary CAM, the counterpart "Time Servers" setting for the HA-Standby CAM does not get updated in the web console even though the "Time Servers" setting is updated in the HA-Standby CAM database.
CSCsd90433
No
Apache does not start on HA-Standby CAM after heartbeat link is restored.
Output from the fostate.sh command shows "My node is standby without web console, peer node is active."
CSCse86581
No
Agent does not correctly recognize def versions on the following Trend AV products:
•
•
•
Tested Clients:
•
•
•
•
CSCsg07369
No
Incorrect "IP lease total" displayed on editing manually created subnets
Steps to reproduce:
1.
2.
3.
4.
The issue is judged to be cosmetic and does not affect DHCP functionality.
CSCsg66511
No
Configuring HA-failover synchronization settings on Secondary CAS takes an extremely long time
Once you have configured the Secondary CAS HA attributes and click Update, it can take around 3 minutes for the browser to get the response from the server. (Configuring HA-failover synchronization on the Primary CAS is nearly instantaneous.)
CSCsh77730
No
Clean Access Agent locks up when greyed out OK button is pressed
The Clean Access Agent locks up when the client machine refreshes its IP address. This only occurs when doing an IP release/renew, so the CAS must be in an OOB setup.
If the Automatically close login success screen after <x> secs option is enabled and the duration set to 0 (instantaneous) in the Clean Access > General Setup > Agent Login page and the user clicks on the greyed out OK button while the IP address is refreshing, the Clean Access Agent locks up after refreshing the IP address. The IP address is refreshed and everything else on the client machine works, but the user cannot close the Clean Access Agent without exiting via the system tray icon, thus "killing" the Agent process.
Workaround
CSCsi07595
No
DST fix will not take effect if generic MST, EST, HST, etc. options are specified
Due to a Java runtime implementation, the DST 2007 fix does not take effect for Cisco NAC Appliances that are using generic time zone options such as "EST," "HST," or "MST" on the CAM/CAS UI time settings.
Workaround
Note
CSCsj16366
No
Time sync on CAS
The CAS network module (NME-NAC-K9) appears as "not connected" in CAM web console after a router/rack power outage.
This issue has been observed on a NME-NAC-K9 running Cisco NAC Appliance release 4.5(1) installed in a Cisco 2821 ISR in Out-of-Band Real-IP Gateway mode. In addition, the CAM returns the following event log message:
"AutoConnectManager failed relinking CAM with CAS-i.p.add.rs."
Note
Workaround
CSCsk55292
No
Agent not added to system tray during boot up
When the Agent is installed on a Windows client, the Start menu is updated and Windows tries to contact AD (in some cases where the AD credentials are expired) to refresh the Start menu.
Due to the fact that the client machine is still in the Unauthenticated role, AD cannot be contacted and an approximately 60 second timeout ensues, during which the Windows taskbar elements (Start menu, System Tray, and Task Bar) are locked. As a result, the Agent displays a "Failed to add Clean Access Agent icon to taskbar status area" error message.
Workaround
•
•
CSCsl13782
No
Microsoft Internet Explorer 7.0 browser pop-ups on Windows Vista launched from the Summary Report appear behind the Summary Report window
This is also seen when you click on the Policy link in the Policy window. This issue appears on Vista Ultimate and Vista Home, but is not seen with Firefox or on Internet Explorer versions running in Windows 2000 or Windows XP.
Note
CSCsl71585
No
DHCP status does not display non-restricted scope with Relay IP restriction
When a DHCP range with no restrictions and a DHCP range with a Relay-IP restriction are created using the Clean Access Manager (CAM) GUI, the DHCP range with no restrictions does not display.
Steps to reproduce:
1.
2.
3.
4.
The web page only displays the IPs for the relay-IP restriction and does not display the non-restricted IP scope.
Workaround
Note
CSCsl17379
No
Multiple Clean Access Agent pop-ups with Multi NIC in L2 VGW OOB role-based VLAN
The user sees multiple Clean Access Agent login dialogs with two or more active NICs on the same client machine pointing to the Unauthenticated network access point (eth1 IP address).
After the first Clean Access Agent pops up and the user logs in, a second Agent login dialog pops up. If the user logs in to this additional Agent instantiation there are now two entries for the same system with both MAC addresses in the CAM's Certified Device List and Online Users List.
Workaround
CSCsl40626
No
Cisco NAC Web Agent should handle certificate revocation dialogs similar to Clean Access Agent
Upon logging in via the Cisco NAC Web Agent (with certificate revocation turned on or with Norton 360 installed), the user is presented with a "Revocation information for the security certificate for this site is not available. Do you want to proceed?" dialog box several times (approximately 40 to 50 times). If the user clicks Yes to proceed enough times, the Web Agent fails to login and reports "You will not be allowed to access the network due to internal error. Please contact your administrator." back to the user.
CSCsl40812
No
The Refresh Windows domain group policy after login option is not functioning for Cisco NAC Web Agent
(It is working fine with the Clean Access Agent.)
This scenario was tested configuring a GPO policy for a Microsoft Internet Explorer browser title. The browser was not refreshed as expected after login in using the Web Agent.
CSCsl75403
No
MAC filter does not work for Macintosh client machines connected to the network in VPN environment
Steps to reproduce:
1.
2.
3.
4.
5.
6.
CSCsl77701
No
Network Error dialog appears during CAS HA failover
When a user is logged in as ADSSO user on CAS HA system and the CAS experiences a failover event, the user sees is a pop-up message reading, "Network Error! Detail: The network cannot be accessed because your machine cannot connect to the default gateway. Please release/renew IP address manually."
This is not an error message and the user is still logged in to the system. The user simply needs to click on the Close button to continue normal operation.
CSCsl88429
No
User sees Invalid session after pressing [F5] following Temporary role time-out
When a user presses [F5] or [Refresh] to refresh the web page after the Agent Temporary role access timer has expired, the user sees an "Invalid" session message. If the user then attempts to navigate to the originally requested web address, they are prompted with the web login page again and are able to log in.
CSCsl88627
No
Description of removesubnet has "updatesubnet" in op field
The removesubnet API function description has "updatesubnet" listed in its operations field. The description should read "removesubnet."
CSCsm20254
No
CAS duplicates HSRP packets with Cisco NAC Profiler Collector Modules enabled.
Symptom HSRP duplicate frames are sent by CAS in Real-IP Gateway with Collector modules enabled. This causes HSRP issues and the default gateway to go down.
Conditions
Workaround
CSCsm20655
No
Can not do a minor upgrade for Clean Access Agent from MSI package.
When CCAAgent.msi is used and the Clean Access Agent is upgraded to a minor version (e.g. 4.1.2.1 to 4.1.2.2) the following error message will be displayed:
"Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel."
This issue occurs because the Windows Installer uses only the first three fields of the product version. When a fourth field is included in the product version, the installer ignores the fourth field. For details refer to http://msdn2.microsoft.com/en-us/library/aa370859(VS.85).aspx
Workaround
CSCsm25788
No
Avast 4.7 showing as not up to date with Cisco NAC Appliance Release 4.1(3)
User is told that Avast needs to be updated, but shows as up to date. This occurs when user is running Avast 4.7 and the Agent version is 4.1.3.0 or 4.1.3.1
Workaround
CSCsm53743
No
File ownership of Mac OS X Agent directory and related files should be corrected
File ownership of Mac OS X Agent and related files should be "root:admin."
Currently, the file ownership is with UID 505 and GID 505. Anyone able to assume this UID could potentially modify the Agent application files and introduce a security threat.
CSCsm61077
No
ActiveX fails to perform IP refresh on Windows Vista with User Account Control (UAC) turned on.
When logged in as a machine admin on Vista and using web login with IP refresh configured, IP address refresh/renew via ActiveX or Java will fail due to the fact that IE does not run as an elevated application and Vista requires elevated privileges to release and renew an IP address.
Workaround
1.
2.
3.
This is a limitation of the Windows Vista OS.Alternatively, the Cisco NAC Web Agent can be used with no posture requirements enabled.
See also Known Issue for Windows Vista and IP Refresh/Renew.
CSCsm76779
No
CSRF tag is added to CAS specific MAC Device Filter description field upon edit
Steps to reproduce:
1.
2.
"<a href='http://www.cisco.com'>Cisco</a>"3.
Subsequent entry updates also append the same CSRF tag each time the administrator edits the description. After editing the description 3 times, however, the entry can no longer be edited and the CAS returns an "Updating device MAC failed" error message.
Note
CSCsm79088
No
Mac OS X Agent reports "Unknown user" when sending the second logout request
The Mac OS X Agent specifies an "Unknown user" when it sends a second logout request before receiving a response from the first logout request.
Steps to reproduce:
1.
2.
3.
The Mac Agent displays a "Cisco Clean Access Agent is having a difficulty with the server. Unknown user." error message, resulting in a situation where the client machine no longer appears in the CAM's Online Users list even though the Agent indicates that the user is logged in. In this situation, the Mac Agent essentially "freezes" as the user is no longer able to log out, ether.
CSCso41549
No
Administrator cannot delete the OUL manually if the In-Band CAS is not available to the CAM
If an In-Band CAS fails for some reason (if the CAS suffers a hardware failure, for example), users stay in the Online Users List.
Workaround
CSCso49473
No
SEVERE: javax.naming.CommunicationException causes no provider list
Configuration: ADSSO with LDAP Lookup
If the LDAP connection to AD drops because the lookup takes a long time or the route is lost suddenly, the Agent does not receive the list of auth providers so the user is presented with a blank provider list.
Symptom: The dropdown list of authentication providers is blank.
Conditions: LDAP server fails to respond due to network connectivity failure or a long directory search. The failure must occur after communication to the LDAP server has begun.
Workaround: None
Note
CSCsr52953
No
RMI error messages periodically appears for deleted and/or unauthorized CASs in CAM event logs
Clean Access Servers connected to a CAM can periodically appear as "deleted" or "unauthorized" in the CAM event logs even though the CAS is functioning properly and has not experienced any connection issues with the Clean Access Manager. Error message examples are:
•
•
Workaround
•
•
CSCsr90712
No
Symantec Antivirus delays Clean Access Agent startup
The Agent takes a long time to pop up on a client machine with real-time antivirus scanning enabled and operating.
Workaround
Exclude the Clean Access Agent AV411 directory from Symantec Antivirus scanning. See http://service1.symantec.com/support/ent-security.nsf/docid/2002092413394848.
Note
For Vista, refer to http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008111414031848.
CSCsx05054
No
DHCP does not work with IGNORE fallback policy and CAS Failover
If CAS Fallback policy is set to IGNORE and the CAM becomes unreachable from CAS, the CAS blocks all traffic and CAS DHCP stops working.
Workaround
CSCsx05141
No
Clients cannot get IP addresses from CAS DHCP relay agent in CAS fail-open with CAS fallback scenario
Steps to reproduce this issue:
1.
2.
3.
4.
5.
Even though the administrator can see dhcrelay functioning, clients are now unable to get IP addresses through new Active CAS.
CSCsx25557
No
NOD32 3.x does not pass remediation and the Def date is not recognized by the Clean Access Agent
Cisco NAC Appliance cannot remediate client machines where NOD32 3.x is installed and the Def date string is not recognized.
Note
CSCsx35438
No
Clean Access Manager read timeout reached when deleting many DHCP IPs at once
After upgrading to or installing release 4.1(8) and deleting hundreds of DHCP IPs at once, the Clean Access Server becomes unmanageable. This issue affects Clean Access Servers configured as a DHCP server on which the administrator tries to delete more than 800 DHCP IPs at once.
Workaround
CSCsz67981
No
MSI-based upgrade from Agent version 4.1.3.x to 4.1.8.0 requires uninstall
Attempts to upgrade MSI-based Clean Access Agents (provided either manually or via policy-based installation rather than downloaded from the CAS, directly) fails. The Cisco NAC Appliance system also returns the following error message:
"Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel."
This occurs even if the installation file is correctly renamed to CCAAgent.msi prior to installation.
Note
Workaround
Resolved Caveats - Agent Version 4.1.10.0
Refer to Cisco NAC Appliance Agents and Enhancements in Release 4.1(8) for additional information.
Resolved Caveats - Agent Version 4.1.8.0
Refer to Cisco NAC Appliance Agents and Enhancements in Release 4.1(8) for additional information.
Resolved Caveats - Release 4.1(8)
Refer to Enhancements in Release 4.1(8) for additional information.
Table 12 List of Resolved Caveats (Sheet 1 of 8)
CSCsl94153
Yes
Add date-based checks to Cisco NAC Appliance for Microsoft Forefront
Cisco NAC Appliance checks for installation of Microsoft Forefront and can perform a version check, but the current version check does not support the "check by date" option.
CSCsm32684
Yes
Double-quote in message body corrupts HTML presentation
The web page presented to the user to download the Cisco Clean Access Agent features the "Require use of Clean Access Agent" message body twice.
This issue occurs when a double-quote is added to the configuration in Device-Management > Clean Access > General Setup > Agent Login > [user role] > Require use of Clean Access Agent and the associated check box is checked.
Workaround
CSCsm41462
Yes
Heartbeat timer expires repeatedly after HA failover
Once an In-band CAS HA failover event takes place, all clients authenticated by original active CAS repeatedly receive "heartbeat timer expired" messages within short time (30 seconds to 1 minute) whether the client is sending packets or not.
Workaround
CSCsm81853
Yes
Blank space characters on Program Parameters are corrupted
If program parameters is configured a blank space character, the parameter is corrupted. For example, when "arg1 arg2" is configured on Program Parameters, it is corrupted like "arg1+arg2," "arg1%2Barg2."
CSCsm82486
Yes
CAM web console slow and Java process taking 99% CPU
While trying to access the "Device list" and "Profile" from the CAM web console Administration menu, the user interface opens very slowly and, after further investigation, it is observed that the CAM is utilizing 99.9% of the CPU for the Java process.
Workaround
+ <!--<filter-mapping><filter-name>CSRFFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>+ -->CSCso32106
Yes
Port list on CAM should be sortable by description instead of index
In the ports list on the CAM, ports are sorted by their index instead of by their slot/port number in IOS. The ports all show up in the correct order:
GigabitEthernet1/2 unassigned YES unset down downGigabitEthernet2/1 unassigned YES unset down downGigabitEthernet2/2 unassigned YES unset down downGigabitEthernet3/1 unassigned YES unset up upBut these ports are sorted by their index on the CAS, so GigabitEthernet 2/1 appears after GigabitEthernet 3/48 on the CAM. This issue has been observed with certain switch configurations, including on the Catalyst 4507R with two SupII+ modules.
Workaround
CSCso44904
Yes
CAM does not manage CAS via the Manage icon in web console
When clicking the Manage icon in the CAM GUI, the CAM occasionally locks up and does not open the CAS web console, rendering all associated CASs unmanageable.
Note
Workaround
CSCso57843
Yes
Standby CAS sends improper ARP request after bootup
This issue occurs in an HA pair environment using DHCP Synchronization.
Standby CAS sends improper ARP request from untrusted interface after bootup. The ARP request incorrectly updates ARP table on neighbor devices, then the Link Detect response on the untrusted interface is no longer able to reach the active CAS. As the result, HA is triggered.
The ARP packet contains the MAC address of the standby CAS as "Sender MAC" and the IP address of the active CAS as the "Sender IP."
1.
2.
3.
4.
Note
CSCsq27411
Yes
Standby CAS responds to ARP with the wrong MAC address
The CAS responds to ARPs on the untrusted interface with the MAC address of the trusted interface, thus causing the CAS to remain unreachable on the untrusted network.
This occurs if the CAS is set up in Virtual Gateway mode with both interfaces set to the same IP address and it only occurs on the standby CAS in an HA pair. Failing over causes the symptom to move to the other CAS. This issue mainly causes a problem when you are doing link detect on the untrusted side.
Note
CSCsq59801
Yes
Nessus plug-ins greater than 10 MB size limitation
When uploading a NESSUS plug-in .tar file that is greater than 10MB, the CAM returns the following error:
"Result: Error: Failed to upload file Content Length Error (18113815 > 10485760)"
When the upload file is greater than 10MB, the upload fails.
Workaround
CSCsr75123
Yes
Better handling for certificate chain in chain.crt file
Logs show SSL certificate chain errors even though the chain is present in the CAM and CAS. The issue is that the CA elements in the chain.crt file in the /root/.perfigo directory are out of sequence. The result is that the CAM is not able to manage the CAS, even though the certificate chain is present on both appliances.
Workaround
CSCsr95218
Yes
CAM Filters page does not display properly with limited Admin privileges
When bringing up the CAM web console Filters page, the administrator receives the following error:
"The link you requested is not present on this clean access system. If you reached this page by following a link from the user interface of the clean access manager or server then please report this as a bug."
Note
Workaround
CSCsu02167
Yes
SSL fails when Netscape Cert Type field does not contain "SSL Client"
As a result, the CAS and CAM disconnect from one another and users cannot authenticate. Report log entries show:
"SEVERE: SSLManager: client's certificate chain verification failed CN=CAS, OU=TAC, O=Cisco, L=RTP, ST=NC, C=US:Netscape cert type does not permit use for SSL client"
If certificates contain a Netscape Cert Type field and are used in release 4.1(6), that field has to contain both "SSL Server" and "SSL Client." If the field does not contain "SSL Client," communication between the CAS and CAM fails.
If the Netscape Cert Type field does not exist, then SSL succeeds. If the Netscape Cert Type field does exist, but does not contain both "SSL Server" and "SSL Client," authentication fails.
Note
Workaround
•
•
CSCsu46733
Yes
CAM/CAS does not handle blank spaces in certificate
CAM/CAS certificates containing blank spaces do not work when uploaded. You can verify whether or not your certificate contains blank spaces by viewing the certificate in a text editor application like Wordpad or Notepad.
Workaround
CSCsv10336
Yes
CAS does not accommodate RADIUS accounting packets greater than 8192 bytes
Cisco Clean Access Servers appear to have a 8192 byte limitation in the size of accounting packets they can successfully reassemble when performing VPN SSO. Packets exceeding 8192 bytes result in an "INFO: Accounting Packet - Stated packet length [10696] is less than physical packet length [8192]" error message.
This limitation means that VPN SSO users with a large amount of groups or other information specified within the RADIUS accounting packet are unable to use SSO and "fall back" to a different authentication mechanism.
Workaround
CSCsv49225
Yes
Unable to create a VLAN Profile when the VLAN name contains a hyphen
This problem only applies to creating a VLAN profile and not when using the name for VLAN mapping.
Note
CSCsv61373
Yes
DHCP Option 78 (slp-directory-agent) is not offered to clients, even though it is a scope option on the server
The behavior has been observed in 4.1.3.1 Real-IP CASs.
Workaround
CSCsv64925
Yes
SSL communication error with LDAP server while using non-standard CA
When upgrading from a previous release of Cisco NAC Appliance, LDAP lookup on the CAM may stop working. This situation can occur if the administrator uses LDAP instead of the correct component included in Cisco NAC Appliance to enable SSL.
CSCsv71328
Yes
Start the DHCP server when CAM is not reachable
Clients cannot get IP addresses or even renew the leases when the DHCP service is configured to run on an active CAS (in HA) and the CAS is in Fail Open (FailOpen) due to CAM not reachable for an extended period of time.
Under the following condition the issue will show up:
•
•
•
•
•
Note
See DHCP Failover Behavior Enhancement for more information.
CSCsv74447
Yes
CAS Link-detect to check interface health
For some customers, network topology restricts them from configuring external pingable IP address to handle CAS HA link detection. (When active CAS detects network interface failure, failover will be triggered.)
Workaround
CSCsw20607
Yes
CAS/CAM Disconnect
In previous releases of Cisco NAC Appliance, the AutoConnectManager could get stuck publishing to one CAS. Bad network connectivity can make the AutoConnectManager hang for very long time.
Cisco has addressed this issue by introducing socket timeouts that have been tested in LAN and WAN environments.
CSCsw22557
Yes
OS Fingerprint Update required for Blackberry Bold
Cisco NAC Appliance is reading the Blackberry Bold OS identifier as a Windows OS.
Note
CSCsw33455
Yes
Improve CAM/CAS communication resiliency during network link failures
Bad WANs can make AutoConnectManager hang and not service cases that should connect.
Cisco has addressed this issue by adding socket timeouts and large file chunking so that the AutoConnectManager can escape certain cases where really bad network connectivity exists.
CSCsw35162
Yes
UI Forefront date-based checks support does not work
Client machine posture assessment fails for up-to-date Microsoft Forefront 1.5.x or when dates are within the selected range and the For AV Virus Definition rules, allow definition file to be <x> days older than option is being used.
Note
Workaround
CSCsw86694
Yes
CAS/CAM references wrong network configuration file
Netstat -an shows wrong local IP address for a socket.
Workaround
CSCsw97200
Yes
Upgrade does not preserve DB snapshot create date/time reported by CAM
The CAM does not preserve the date/time for DB snapshot files in the /perfigo/control/tomcat/webapps/download/WEB-INF/ directory for release 4.0(x)/4.0(x), nor does the CAM preserve the date/time in the /perfigo/control/data/download/ directory for release 4.5.
Note
CSCsx02849
Yes
ADSSO can run into trouble if exception is thrown
If the network environment is such that an ADSSO server can enter a state where the only way to fix the problem is to fix the environment and restart the CAS.
Workaround
CSCsx10139
Yes
Upgrade should modify CAS Fallback old default settings to the new one
If you upgrade the CAS to release 4.1(8) and are using CAS Fallback with the old default settings, the upgrade script modifies those Detect Interval and Detect Timeout settings to the new default values, notifies the administrator of the change, and inserts an entry in the upgrade logs. If the administrator specified new (non-default) values for the CAS Fallback feature settings, then the upgrade script recommends that the admin user modify the CAS Fallback settings manually to maintain expected behavior.
Workaround
Note
–
–
–
The new CAS Fallback default settings with 4.1(8) are:
–
–
–
–
Known Issues for Cisco NAC Appliance
This section describes known issues when integrating Cisco NAC Appliance:
•
•
•
•
•
•
•
•
•
•
•
Note
Known Issue with Mass DHCP Address Deletion
An issue exists in release 4.1(8) where a Clean Access Server configured to be a DHCP server can become unmanageable if the administrator attempts to delete more than 800 DHCP addresses from the appliance using the Clean Access Manager web console. If you have more than 800 DHCP addresses, Cisco recommends deleting addresses in smaller blocks of no more than 800 addresses at a time.
In addition to ensuring you do not delete more than 800 DHCP addresses at a time, there are two methods to work around this potential issue.
Workaround 1
The DHCP IP delete can be done manually by connecting to the CLI and executing the following commands:
service perfigo stoprm -f /var/state/dhcp/dhcpd.leasestouch /var/state/dhcp/dhcpd.leasesservice perfigo startIf on an HA system, Cisco strongly recommends taking the CASs offline and performing the commands on both machines simultaneously, taking particular care to issue the service perfigo start on th
Guest
