Applies to Kaspersky Administration Kit 8.0
Kaspersky Administration Kit 8.0 supports collaboration with с Cisco Network Admission Control (NAC) allowing to create a match between computer antivirus protection conditions and Cisco NAC statuses.
When working with Cisco NAC, the Administration server functions as a standard Posture Validation Server (PVS) component which can be used by the administrator to allow or deny network access for a PC (depending on antivirus protection status).
When you install Network agent on a client PC, a plug-in for Cisco NAC is installed along with it. This plug-in is active if Cisco Trust Agent is installed on the PC.
You can configure collaboration with Cisco NAC in an Administration server properties tab Cisco NAC. Here you can set a correspondence between computer antivirus protection conditions and Cisco NAC statuses. Administration server policy also has a tab like this.
Choose a Cisco NAC computer status in the upper filed: Healthy, Checkup, Quarantine or Infected. Use checkboxes in the tables for each of these statuses to set antivirus protection conditions corresponding to them. You can modify threshold values for some of them. To do it select a desired condition in the column Condition, click the button Modify to edit it, and set a desired value in the field Value.
Condition lists are equal for the following levels: Checkup, Quarantine and Infected. Healthy level conditions are opposite to conditions of other levels.
The status Healthy is assigned only to PCs meeting all conditions, while it is enough to meet just one condition to receive a Checkup, Quarantine or Infected status.
For conditions Real-time protection status differs from the status set by the administrator and Real-time protection status same as set by administrator:
- please be advised that real-time protection statuses are different for different versions of Kaspersky Anti-Virus for Windows Workstations / Servers. When choosing values for these parameters, consult the list of possible real-time protection statuses.
- it is only viable to use these conditions to assign computer statuses for users having permissions to modify real-time protection settings. I.e. if the options to modify and stop real-time protection settings are not locked in the policy.
Enter the Posture Validation Server port number which is used to exchange data with the Cisco server in the filed PVS port number. The default port is 18000.