31-25
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Dynamic Access Page (ASA)
Add/Edit DAP Entry Dialog Box > Anti-Virus
You can configure a scan for antivirus applications and updates as a condition for the completion of a
Cisco AnyConnect or clientless SSL VPN connection. Following the prelogin assessment, Cisco Secure
Desktop loads Endpoint Assessment checks and reports the results back to the security appliance for use
in assigning a dynamic access policy.
Note Duplicate entries are not allowed. If you configure a dynamic access policy with no AAA or endpoint
attributes, the security appliance always selects it since all selection criteria are satisfied.
Navigation Path
Open the Add/Edit Dynamic Access Policy Dialog Box, page 31-12 with the Main tab selected, then
click Create, or select a dynamic access policy in the table and click Edit. The Add/Edit DAP Entry
dialog box is displayed. Select Anti-Virus as the Criterion.
Related Topics
Understanding DAP Attributes, page 31-3
Configuring DAP Attributes, page31-7
Type Select one of the following options and assign the associated values:
Not Installed—Select if the absence of the named anti-spyware
from the remote PC is sufficient to match the prelogin policy you
are configuring.
Installed and enabled—Select if the named anti-spyware must be
present and enabled on the remote PC to match the prelogin policy
you are configuring.
Installed and disabled—Select if the mere presence of the named
anti-spyware on the remote PC is sufficient to match the prelogin
policy you are configuring.
Vendor Name Select the text that describes the application vendor from the list.
Product ID Select a unique identifier for the product that is supported by the
selected vendor from the list.
Product Description Available only if you selected Matches as the Type.
Select the check box, then select the description of the product from the
list.
Version Available only if you selected Matches as the Type.
Identify the version of the application, and specify whether you want
the endpoint attribute to be equal to/not equal to that version.
Last Update Available only if you selected Matches as the Type.
Specify the number of days since the last update. You might want to
indicate that an update should occur in less than or greater than the
number of days you enter here.
Table31-9 Add/Edit DAP Entry Dialog Box > Anti-Spyware (Continued)
Element Description