
HOW TO INSTALL CSA (CISCO SECURITY AGENT)

There are two ways to install CSA


1. Through file server
2. Through CSA Management Server URL
1. Through file server
Step 1: Open the START menu and choose RUN. Type \\10.2.2.110 or \\10.2.2.181, then click OK or press ENTER.
Step 2: If you typed \\10.2.2.110, select the NETWORK folder. When you click that folder, it asks for a username and password; enter username: netone and password: netone, then click the OK button. If you typed \\10.2.2.181, it asks for a username and password; enter username: office scan and password: office scan. If your OS is Win 7, enter username: trend\office scan and password: office scan. In office scan, select the tools folder.
Step 3: When you click OK, a new window opens; in it, select CSA Installation.
Step 4: Double-click the CSA Installation folder. It contains one setup file, CSAdesktops_V6.x.x.x.x; double-click it.
Step 5: Click the RUN button. After clicking RUN, to check whether the installation has started, right-click the menu bar, select task bar, and there select the Process tab.
Step 6: After installation is completed, the system asks for a restart. If you click OK, the system restarts immediately; otherwise it restarts automatically after 4 minutes.

2. Through CISCO URL


Step 1: Open Internet Explorer or Mozilla Firefox and type https://10.2.2.32/; a web page will open.
Step 2: Click Agent kit at the bottom of the left side; when you click it, you will see the following window.
Step 3: Click Desktops_Vx.x.x.x; when you click it, it asks to save the file.
Step 4: Save it on the desktop, double-click it, and RUN the file. After successful installation, it asks for a system restart; click OK, otherwise the system restarts automatically after 4 minutes.

HOW TO TROUBLESHOOT CSA RELATED ISSUE
Step 1: Double-click the CSA icon, which is at the left side corner of the menu bar. When you double-click the CSA icon, you will see the following window.
Step 2: Once it is open, you will see the CSA tasks at the right side of the window, such as Status, Security Settings, Personal Firewall and many more.
Step 3: To check the STATUS of CSA, click the STATUS task; you will see the following subtasks of CSA.

HOST NAME: The computer name of the local host. If the computer is in a domain, you will see the hostname as DC101433.EDNITS.COM. If the computer is not in a domain, or is in a WORKGROUP, you will see the hostname as that computer's name.
MANAGEMENT CENTER: The name of the CSA MC server with which you are registered and from which you receive policies. The main thing to observe is that the management center should be reachable. If it shows as not reachable, there is no LAN on that PC.
REGISTRATION CODE: The date your agent registered with CSA MC.
LAST POLL TIME: The last time the agent successfully polled CSA MC. The last poll time should show the present time; if it does not, click the Poll button.
LAST DOWNLOAD TIME: The last time the agent downloaded updates from CSA MC.

SOFTWARE UPDATE: An indication if a CSA software update is available.


If a software update is available, Click the Update Available button to receive the
software update.

Step 4: When you click Security Settings, you will see the following window.

Step 5: In Security Settings there are 3 main tasks: Security Level, Preventing New Network Connection, and Enable network lock after the specific network inactivity time.
Security Level: The Low, Medium, and High security levels allow you to select an
administratively defined security policy.
Low: A Low security setting may cause the agent to detect the more commonly
known attacks that are easily distinguished from normal system behavior.
Medium: A Medium security setting may cause the agent to detect a wide range of
attacks similar to those detected at the high setting.
High: A High security setting may cause the agent to detect a wide range of both
known attacks and potential attack behavior.

Preventing New Network connection: When the Network Lock checkbox is enabled, your
system will not allow any new network connections until you disable this feature. Selecting the
checkbox enables the network lock.
Step 6: To check the Personal Firewall, click Personal Firewall; you will see the following screen.

Use Personal Firewall settings to restrict certain applications from making
certain types of network connections.
The Personal Firewall feature gives you the ability to add restrictions to the
security policies created by your system administrator. It is not possible to
use this functionality to make your security policies more permissive.
In Personal Firewall there are two subtasks: Enable and Learn Mode.

Enable Mode: To use the Personal Firewall, click the Enable checkbox. If Local
Learn Mode is not checked, then each time a new application attempts to
connect to the network, you will be asked whether this connection should be
permitted. If you respond no, then connections of this type will be denied in
the future. If you respond yes, then future connections of this type will be
allowed, assuming that they are not denied by other security policies.
Learn Mode: After Enabling the Personal Firewall, you may find that you get
a lot of query dialogs. By clicking the Local Learn Mode checkbox, you
instruct CSA to assume that all network connections not otherwise denied by
CSA policies are permitted. The application list on this screen will be
populated and will indicate that these applications are allowed to make
certain connections. In effect, the Local Learn Mode checkbox allows you to
bypass the query boxes while CSA learns what connections are permissible.
After a certain period of time, though, uncheck the Local Learn Mode box so
that you will be queried when applications you use infrequently attempt to
access the network.
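
The decision order described under Enable Mode and Learn Mode, as an added example that is not part of the original guide and is not Cisco's code. It is a simplified Python model: the class, the application names and the connection kinds are constructed for illustration, and it assumes that entries recorded during learn mode persist after the checkbox is cleared, as the populated application list suggests.

```python
from dataclasses import dataclass, field

@dataclass
class PersonalFirewall:
    # Simplified model of the behaviour described above; not Cisco's code.
    policy_denied: set                           # (app, kind) denied by administrator policy
    enabled: bool = True                         # the Enable checkbox
    learn_mode: bool = False                     # the Local Learn Mode checkbox
    rules: dict = field(default_factory=dict)    # (app, kind) -> (allowed, origin)
    prompts: list = field(default_factory=list)  # connections that raised a query

    def decide(self, app, kind, answer=False):
        key = (app, kind)
        # Administrator policy always wins: local settings only add restrictions.
        if key in self.policy_denied:
            return "deny:policy"
        if not self.enabled:
            return "allow:firewall-off"
        if key not in self.rules:
            if self.learn_mode:
                # No query: the connection is assumed permitted and recorded.
                self.rules[key] = (True, "learned")
            else:
                # First sighting outside learn mode: the user is queried once.
                self.prompts.append(key)
                self.rules[key] = (answer, "user")
        allowed, origin = self.rules[key]
        return ("allow:" if allowed else "deny:") + origin

    def learned(self):
        # Entries nobody approved explicitly; review these after learn mode ends.
        return sorted(k for k, (_, origin) in self.rules.items() if origin == "learned")

def run_demo():
    # Constructed application names and connection kinds, for illustration only.
    fw = PersonalFirewall(policy_denied={("p2p.exe", "outbound")}, learn_mode=True)
    out = [fw.decide("browser.exe", "outbound"),
           fw.decide("unknown.exe", "outbound"),  # learned without anyone being asked
           fw.decide("p2p.exe", "outbound")]      # policy deny is not overridden
    fw.learn_mode = False
    out += [fw.decide("unknown.exe", "outbound"),               # still allowed, no query
            fw.decide("backup.exe", "outbound", answer=False),  # queried, user says no
            fw.decide("backup.exe", "outbound", answer=True)]   # remembered deny stands
    return out, fw.prompts, fw.learned()

if __name__ == "__main__":
    print(run_demo())
```

In this model, everything that connected while learn mode was on ends up in `learned()`, which corresponds to the application list on the Personal Firewall screen and is the list to look over once the checkbox is unchecked.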

Step 7: Anti Virus: When you click the Anti Virus tab task, you will see the following screen.

Antivirus

The AntiVirus page allows users to update their local signature database,
perform on-demand virus scans, and manage quarantined files.

Updating Signature Database


The Last AV update field indicates the last time that local signature
database was updated. <Never> indicates that the local signature database
installed with the agent has not been updated. Click Update now to initiate
a signature database update.

Last scanned file


The Last scanned file field shows the path to the last file scanned as a
result of a CSA rule-triggering virus scan. The last file scanned after an
On-demand scan does not appear in this field.

On-demand Scan
When you click on On-demand Scan you will see the following window.
To configure the On-demand Scan we need to follow the following procedure.

1. Specify directories to be scanned: Click Add, browse to the drive or
directory you want to scan for viruses and click OK. The path is added
to the Directories to be scanned window. Repeat this step until you
have specified all the locations you want to scan.
Notes:

Directory scans are recursive. That is, all the subdirectories in the
directory you specify will be scanned in addition to the directory
you specify.

You can remove a directory from the Directories to be scanned list
by selecting the path and clicking Remove.

2. Specify the scan speed:

Fast: Performs the scan the most quickly and uses the most CPU
resources. It may prevent you from performing other tasks.

Normal: Performs the scan at a moderate pace and uses a
moderate amount of CPU resources. It may impact other
operations.

Slow: Performs the scan at a slow pace and uses the least
amount of CPU resources. It has the least impact on other
operations.

3. Click Start scan.

The Scan progress area displays the directory and file being
scanned and a summary of the number of files scanned, files
found to be infected, and elapsed time of the scan.

When the scan is complete, the title bar of the window will read,
"AntiVirus On-demand scan [complete]."

Quarantined Files Tab


If a file is found to have a virus, it is quarantined in place and listed in the
Quarantined files tab. A quarantined file is rendered inert by the CSA
AntiVirus rules installed on the host. You can delete quarantined files by
selecting them from the list and clicking the Delete file(s) button.
If you feel that a file has been quarantined erroneously, you can move it to
the Restored files tab by selecting the file and clicking the Restore File(s)
button. If a quarantined file is deleted from your computer for any reason, it
is also removed from the Quarantined files list. In the following
window, the quarantined file is indicated by an arrow mark.

Restored Files Tab


A file listed in the Restored files tab was once quarantined; you determined
that the file was not malicious and "restored" your access to it. Restoring a
file does not give you additional access to it. For example, if you had
read-only access to a file before it was quarantined, you will have read-only
access to it after it is restored.
If you want to quarantine a file in the Restored files list, select it from the list
and click Quarantine File(s). If a file in the Quarantined Files list is deleted
from your computer for any reason, it is also removed from the Restored files
list.
Step 8: When you click on the FILE PROTECTION task, you will get the following screen.
Through some simple configuration, the agent can protect specified
local files and directories on your system from certain types of network
access. This is useful if you have sensitive personal information stored on
your system. Entering the name of the file or directory that you want to
protect limits network access to that resource.

You can add directories and files to the file protection field by browsing for
them or by entering them in the edit field using proper syntax. You can add
individual files to the file protection field by entering them in the edit field.
Generally, if an application attempts to open a file and make a network
connection, CSA queries the user to allow or deny the application from
editing the file and from making the network connection.

Selecting a Directory to Protect


1. Select Enable check box. This turns on file protection.
2. Click Browse.
3. Select the directory you want to protect and click Add; it appears in
the edit field.
4. (Optional) Using the syntax requirements below, edit the path
displayed in the edit field. This will allow you to generalize directory
paths.

5. Click Add. The information in the edit field is now added to the file
protection pane and protected from all network access.
6. Click Apply.
7. When you are done adding files and folders to the file protection pane,
click OK.

Entering Files and Directories to Protect


1. Select Enable check box. This turns on file protection.
2. In the edit field, type the name of the file or folder you want to protect.
Be sure to use the proper syntax described below.
3. Click Add. This file or directory is added to the file protection pane and is
now protected from access by network applications.
4. Click Apply.
5. When you are done adding files and folders to the file protection pane,
click OK.

Removing File Protection from Files and Directories


1. Right-click the file name or directory name in the file protection pane.
2. Select Remove.
3. Click Apply.
4. When you are done removing files and folders from the file protection
window, click OK.

Disabling File Protection


To disable file protection, uncheck the Enable checkbox in the file protection
window. The file protection pane is grayed out. The contents of the file
protection pane are saved for when you want to turn file protection on again.
Step 9: When you click on Untrusted Applications, you will see the following screen.

Untrusted Applications: The Cisco Security Agent can keep track of
downloaded files that are either applications or that could contain
programmatic content such as scripts or macros. Depending on how your
agent was configured by your system administrator, these files are
considered Untrusted and their filenames are displayed in the Untrusted
Applications edit box.

Trusted Application: If you want to remove a file or program from the list of
untrusted applications in the Untrusted Applications window, right-click on
the entry in the edit box and select Mark As Trusted. This removes the
application from the untrusted list, making it trusted. You can see this in the
following window.
Step 9: The very next step is User Query Response

Responding to Pop-up Query Boxes


The management center administrator can create rules that prompt you to
allow or deny an action or terminate a process when an attempt is made by
a process to access resources on your system. In this case, if the rule in
question is triggered, a pop-up box appears prompting you to select from
several possible radio buttons and click Apply as follows:

Yes: Allows the application access to the resource in question.

No: Denies the application access to the resource in question.

No, Terminate this application: Denies the application access to the
resource in question and also attempts to terminate the application
process. The name of the application in question is displayed with the
terminate option.

Step 10: When you click on the Events task, you will get the following window.

Events
The Events window displays security-related messages, system errors, and
system status messages generated by Cisco Security Agent.
To view events, follow this procedure:
1. Click Events in the Tasks area of the Cisco Security Agent interface.
2. Select the set of events to display from the Event Type list box.

Selecting Recent Events displays important security-related
messages received by the agent beginning at the last time the
agent interface was launched.

Selecting All Logged Security Events displays all security-related
messages received by the agent, including those
generated before the agent interface was launched.

Selecting All Logged Events & Debug Messages displays all
security-related messages, system errors, and system status
messages generated by Cisco Security Agent, including those
generated before the agent interface was launched.

Clicking the View button launches a text file containing more detailed
information than the event type you have chosen to display.

Clicking the Purge button clears the messages displayed by the Recent
Events or All Logged Security Events event types. You cannot purge the
messages displayed by the All Logged Events & Debug Messages event
type.
Step 11: The last task of the CSA is Contact Information.

Contact Information
This window allows you to provide contact information to the administrator,
including your name, telephone number, location, and email address. If your
system administrator has requested that you enter this information, do so
here and click the Apply button. CSA MC receives this contact data and the
administrator can now quickly locate you if your agent indicates that there is
a problem.