Cisco NAC agent does not recognise the DLP agent install on a Win7 x64 machine.

Article ID: 159841

Products

Data Loss Prevention Enforce

Issue/Introduction

You have the Cisco NAC agent installed to authenticate the machine before it can join the corporate network. In order for the machine to pass authentication, the machine needs to have the DLP agent installed.

You have configured a check so that the NAC agent verifies that the EDPA and WDP entries exist in the machine's registry. This check works on Windows XP and 32-bit Windows 7, but it fails on 64-bit Windows 7 machines.

Resolution

The NAC agent is a 32-bit application. It uses the Windows API call RegOpenKey, which internally generates a call to RegSetInfoKey. Under WOW64, the RegQueryValue API likewise performs a registry metadata update via RegSetInfoKey internally, and that write is blocked by the DLP agent's tamper protection.

The RegOpenKey API call behaves differently on 32-bit and 64-bit platforms: the Windows API performs this metadata update only when the call comes from a 32-bit client on a 64-bit system, so the problem is observed only under WOW64.

Disabling the appropriate part of tamper protection should get past this issue. Disable registry tamper protection through the agent advanced settings page by setting ENABLE_AGENT_TAMPER_PROTECTION = 3.
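The following PowerShell diagnostic is an added example, not part of this article and not code from the Cisco NAC agent or the DLP agent. It repeats the kind of registry check described above from a PowerShell process and reports whether that process is running under WOW64, so an administrator can run it once from 64-bit PowerShell and once from the 32-bit PowerShell on a Windows 7 x64 host and compare. It assumes (as a labelled assumption, since the article does not give the key paths) that the DLP agent registers its EDPA and WDP services under HKLM\SYSTEM\CurrentControlSet\Services\<name>.

```powershell
# Added diagnostic (not from the KB article, the Cisco NAC agent or the DLP agent):
# repeat the NAC-style registry check from a 64-bit or a 32-bit (WOW64) PowerShell
# process so the two runs can be compared on a Windows 7 x64 host.
# Assumption (labelled): the DLP agent's EDPA and WDP services are registered under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>.
$services = @('EDPA', 'WDP')

function Test-DlpAgentRegistry {
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine,
        [Microsoft.Win32.RegistryView]::Default)
    $result = [ordered]@{
        # $true when run from a 32-bit powershell.exe on 64-bit Windows, i.e. the
        # WOW64 case in which the article says the check fails
        Wow64Process = [Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess
    }
    try {
        foreach ($name in $services) {
            $key = $null
            try {
                # read-only open: the presence check needs no write access to the agent's keys
                $key = $hklm.OpenSubKey("SYSTEM\CurrentControlSet\Services\$name", $false)
                $result[$name] = if ($key) { 'present' } else { 'missing' }
            } catch {
                # an access-denied exception here corresponds to what the NAC agent's
                # RegOpenKey sees when tamper protection blocks the internal metadata update
                $result[$name] = "error: $($_.Exception.GetType().Name)"
            } finally {
                if ($key) { $key.Close() }
            }
        }
    } finally {
        $hklm.Close()
    }
    return [pscustomobject]$result
}

Test-DlpAgentRegistry | Format-List
```

Run it first from the 64-bit PowerShell (%windir%\System32\WindowsPowerShell\v1.0\powershell.exe) and then from the 32-bit one (%windir%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe). If the 32-bit run reports Wow64Process = True and an error for the EDPA or WDP keys while the 64-bit run reports them as present, the failure is the WOW64-only path described above, and the ENABLE_AGENT_TAMPER_PROTECTION = 3 setting is the place to look; if both runs report the keys as missing, the DLP agent is simply not installed on that machine.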