Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
31-5
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Configuring Dynamic Access Policies
If the installed program does support active scan, and active scan is enabled for the program, Host
Scan reports the presence of the software. Again the security appliance selects DAP records that
specify the program.
If the installed program does support active scan and active scan is disabled for the program, Host
Scan ignores the presence of the software. The security appliance does not select DAP records that
specify the program. Further, the output of the debug trace command, which includes a lot of
information about DAP, does not indicate the program presence, even though it is installed.
Endpoint Attribute Definitions
Table 31-2 on page 31-5 defines the endpoint selection attribute names that are available for DAP use.
The Attribute Name field shows you how to enter each attribute name in a LUA logical expression, which
you might do on the Advanced tab of the Add/Edit Dynamic Access Policy dialog box. The label variable
identifies the application, filename, process, or registry entry.
Table 31-2 Endpoint Attribute Definitions
Attribute Type Attribute Name Source Value Max
String
Length
Description
Antispyware
(Requires
Cisco Secure
Desktop)
endpoint.as.label.exists Host Scan true Antispyware
program exists
endpoint.as.label.version string 32 Antispyware
description
endpoint.as.label.description string 128 class attribute
value
endpoint.as.label.lastupdate integer Seconds since
update of
antispyware
definitions
Antivirus
(Requires
Cisco Secure
Desktop)
endpoint.av.label.exists Host Scan true Antivirus program
exists
endpoint.av.label.version string 32 Antivirus
description
endpoint.av.label.description string 128 class attribute
value
endpoint.av.label.lastupdate integer Seconds since
update of antivirus
definitions
Application endpoint.application.clienttype Application string Client type:
CLIENTLESS
ANYCONNECT
IPSEC
L2TP
 previous next