LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

August 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS August 2006

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: ETA on Added OS Detection
From:	"Simon L. Bell" <[log in to unmask]>
Reply To:	Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:	Sat, 12 Aug 2006 17:48:30 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (139 lines)

Sure, I realize the patch was in ED state and I was aware of the fact it 
would detect the new OS versions. However it also says in that same 
document that "The 4.0(2) release is a mandatory upgrade for all 4.0(0) 
and 4.0(1) systems. All customers on 4.0(0) or above should apply this 
patch." It also doesn't mention that while these new OS detection 
abilities are out there, oh by the way, you can't do anything with them.

Simon

Homer Manila wrote:
> Simon,
> 
> You're telling me :)  I just got an email back from TAC saying that 
> 4.0.2 is ED and that the caveat was listed in the release notes:
> 
> http://www.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/cca/cca40/4rn.htm#wp355609
> 
> I replied saying that it would've been nice if the caveat was listed in 
> the open caveats section, and not as an "enhancement" :)  *sigh* so it's 
> looking like we'll have to dedicate some time to developing some checks 
> and requirements for the "new" OSes :P
> 
> I just hope we don't have as many MCE machines as you :)
> 
> --Homer Manila
> Network Security Administrator
> e-Operations,
> Network Security
> American University
> 
> -----Perfigo SecureSmart and CleanMachines Discussion List 
> <[log in to unmask]> wrote: -----
> 
>     To: [log in to unmask]
>     From: "Simon L. Bell" <[log in to unmask]>
>     Sent by: Perfigo SecureSmart and CleanMachines Discussion List
>     <[log in to unmask]>
>     Date: 08/11/2006 08:52PM
>     Subject: Re: ETA on Added OS Detection
> 
>     I agree. That would be a pain. It seems like perhaps we could have a
>     new
>     version of the agent that removes that feature until the added OS rules
>     are applied to the CAM/CAS.
> 
>     So far we're running at 21.3% Windows XP MCE
> 
>     Simon
> 
>     Homer Manila wrote:
>      > I'm not seeing that fix as "simple", unfortunately, but that
>     could just
>      > be me. :)  Back-revving users' clients back to an older version
>     seems a
>      > bit involved, as it will require, at least what it seems to me, a
>     lot
>      > more user intervention than I'd like, what with the user having to
>      > uninstall the newer client first.  We had no idea there was this
>     caveat
>      > when we upgraded to 4.0.2 last week and forced users to download the
>      > newest client(at least I didn't see it in the list of open
>     caveats), and
>      > now with students about to pile in TOMORROW, development of
>     directions
>      > to install the older client, testing, or even creating new
>     requirements
>      > for the unenforced OSes, has now become an impossibility.  Any
>      > suggestions?  What are people doing to re-force users to use the
>     older
>      > client, but have already pushed out the newest one?
>      >
>      > I'm going to open a TAC right now to see if I can get some more
>     Cisco
>      > eyes on this.
>      >
>      > --Homer Manila
>      > Network Security Administrator
>      > Office of Information Technology
>      > American University
>      > 202-885-2209
>      >
>      >
>      >
>      > Joyce, Todd N wrote:
>      >> The simple fix today is to run the 4.0.0.1 client if you are running
>      >> 4.0.2. CAM/CAS.  The only thing you will lose is the feature to
>     run the
>      >> clients from the download page.
>      >>
>      >> All the old rules should still work on the different versions of
>     windows
>      >> XP.
>      >>
>      >> I have tested this against Windows XP tablet edition only.
>      >>
>      >> Make sure that you set the CAM to NOT download the latest agent
>     updates
>      >> through autoupdate.
>      >> todd
>      >>
>      >> Todd Joyce
>      >> Network Services
>      >> Radford University - The Smart Choice
>      >> [log in to unmask]
>      >> (540) 831-7777
>      >>  
>      >> Keep your boots and ChapStick and ice hotels.
>      >> Give me shorts and sandals and a thirty-blocker.
>      >>
>      >> Temperance Brennan - Monday Mourning
>      >> -----Original Message-----
>      >> From: Perfigo SecureSmart and CleanMachines Discussion List
>      >> [mailto:[log in to unmask]] On Behalf Of Simon Bell
>      >> Sent: Friday, August 11, 2006 10:30 AM
>      >> To: [log in to unmask]
>      >> Subject: ETA on Added OS Detection
>      >>
>      >> All,
>      >>
>      >> Today (Friday Aug 11) is the infamous move-in weekend for us. I know
>      >> it's early for us, but I'm a little alarmed at how many XP Media
>     Center
>      >> Edition PCs are out there. Over the summer I only saw 10-15%. As
>     of this
>      >> email, we've only had about 280 new users login, however of
>     those users,
>      >> 68 of them have had Windows XP MCE. That's almost 25% of my
>     users... not
>      >> being checked for AV/Crits. If this trend continues I'll have
>     almost 675
>      >> users running who knows that AV/Crits roaming the network.
>      >>
>      >> When can we expect a fix for this?
>      >>
>      >> Simon  
>      >
> 
>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU